Creating ServiceAccount in k8s to create secrets from the pod

Anand
2 min read · May 12, 2020

I am working on a project where we want to create k8s secrets via our service. By default, k8s pods cannot access the cluster. If you want to access the cluster, you need to use the k8s concept called a ServiceAccount.

In this post I am not going to explain what a ServiceAccount is or any other k8s-related concept. I am simply gonna share the steps I followed to make it work.

To give cluster access to your pod you need to have 3 things already set up:

  1. ServiceAccount
  2. k8s role
  3. RoleBinding

YAML file to create the ServiceAccount; let's call this file demo_sa.yml:

apiVersion: v1
kind: ServiceAccount
metadata:
  name: sample-sa
  namespace: default  # must match the subject namespace used in the RoleBinding

YAML file to create the Role; let's call this file demo_role.yaml:

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: default
  name: sample-role
rules:
- apiGroups: [""] # "" indicates the core API group
  resources: ["secrets"]
  verbs: ["get", "watch", "list", "create"]

YAML file to create the RoleBinding; the file name is demo_role_binding.yaml:

kind: RoleBinding
# rbac.authorization.k8s.io/v1beta1 was removed in Kubernetes 1.22; v1 matches the Role above
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: secret-binding
  namespace: default
subjects:
- kind: ServiceAccount
  name: sample-sa
  namespace: default
roleRef:
  kind: Role
  name: sample-role
  apiGroup: rbac.authorization.k8s.io
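To see exactly what these three manifests grant, the following added example (not part of the original post, and not Kubernetes code) is a simplified offline model of how RBAC evaluates them. The function names `can_i` and `granted_verbs` are made up for this sketch, the manifests are rewritten as Python dicts, and features such as ClusterRoles and `resourceNames` are left out.

```python
# Simplified offline model of Kubernetes RBAC evaluation (added example).
# ROLE and BINDING mirror demo_role.yaml and demo_role_binding.yaml from the post.
ROLE = {
    "kind": "Role",
    "metadata": {"namespace": "default", "name": "sample-role"},
    "rules": [{"apiGroups": [""], "resources": ["secrets"],
               "verbs": ["get", "watch", "list", "create"]}],
}
BINDING = {
    "kind": "RoleBinding",
    "metadata": {"namespace": "default", "name": "secret-binding"},
    "subjects": [{"kind": "ServiceAccount", "name": "sample-sa",
                  "namespace": "default"}],
    "roleRef": {"kind": "Role", "name": "sample-role",
                "apiGroup": "rbac.authorization.k8s.io"},
}

def _matches(allowed, value):
    # "*" is the RBAC wildcard for apiGroups, resources and verbs.
    return "*" in allowed or value in allowed

def can_i(sa_namespace, sa_name, verb, resource, namespace, api_group="",
          roles=(ROLE,), bindings=(BINDING,)):
    """True if the ServiceAccount may perform verb on resource in namespace."""
    for b in bindings:
        # A RoleBinding only grants access inside its own namespace.
        if b["metadata"]["namespace"] != namespace:
            continue
        bound = any(s["kind"] == "ServiceAccount" and s["name"] == sa_name
                    and s.get("namespace") == sa_namespace
                    for s in b["subjects"])
        if not bound:
            continue
        for r in roles:
            if (r["metadata"]["name"] != b["roleRef"]["name"]
                    or r["metadata"]["namespace"] != namespace):
                continue
            if any(_matches(rule["apiGroups"], api_group)
                   and _matches(rule["resources"], resource)
                   and _matches(rule["verbs"], verb) for rule in r["rules"]):
                return True
    return False  # RBAC is deny-by-default: no matching rule, no access

def granted_verbs(sa_namespace, sa_name, resource, namespace):
    verbs = ["get", "list", "watch", "create", "update", "patch", "delete"]
    return [v for v in verbs
            if can_i(sa_namespace, sa_name, v, resource, namespace)]

if __name__ == "__main__":
    print(granted_verbs("default", "sample-sa", "secrets", "default"))
```

On a real cluster the same question is answered by `kubectl auth can-i create secrets --as=system:serviceaccount:default:sample-sa -n default`. Note that `get`, `list` and `watch` let the pod read every secret in the `default` namespace, so a service that only creates secrets needs just the `create` verb.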
