Creating ServiceAccount in k8s to create secrets from the pod

Anand
2 min readMay 12, 2020

I am working on a project where we want to create the k8s secrets via our service. By default k8s pods can not access the cluster. If you want to access the cluster you need to use k8s concept called as ServiceAccount.

In this post I am not going to explain what is serviceAccount or any k8s related concept. I am simply gonna share the steps I have followed to make it work.

To give cluster access to your pod you need to have 3 things already setup:

  1. ServiceAccount
  2. k8s role
  3. RoleBinding

yaml file to create serviceaccount, let’s call this file as demo_sa.yml

apiVersion: v1
kind: ServiceAccount
metadata:
name: sample-sa

yaml file to create role, let’s call this file demo_role.yaml

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
namespace: default
name: sample-role
rules:
- apiGroups: [""] # "" indicates the core API group
resources: ["secrets"]
verbs: ["get", "watch", "list", "create" ]

yaml file to create the rolebinding, the file name is demo_role_binding.yaml

kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: secret-binding
namespace: default
subjects:
- kind: ServiceAccount
name: sample-sa
namespace: default
roleRef:
kind: Role
name: sample-role
apiGroup: rbac.authorization.k8s.io

--

--

No responses yet