[따배쿠 CKA]27. ServiceAccount Role Binding

*ServiceAccount Role Binding*

1) Service Account생성하기 

2) Role 만들기

3) RoleBinding

---

 Q. Cluster: Kubectl config use-context k8s

 Create the Service Account named pod-access in a new namespace called apps.
 Create a Role with the name pod-role, and the Role Binding named pod-rolebinding.
 Map the ServiceAccount from the previous step to the API resources Podss with the operations watch,list,get

1. service Account 생성하기 

Reference docss 찾기

*Template*
kubectl create serviceaccount my-service-account

k create ns apps
k get ns 

kubectl create serviceaccount pod-access -n apps
k get serviceaccount -n apps 

2. role 생성하기 

kubectl create role pod-role --verb=get --verb=list --verb=watch --resource=pods -n apps

k get role pod-role -n apps
k describe role pod-role -n apps

3. rolebinding 하기 

*Template*
kubectl create rolebinding myapp-view-binding --clusterrole=view --serviceaccount=acme:myapp --namespace=acme

kubectl create rolebinding pod-rolebinding --clusterrole=pod-role --serviceaccount=apps:pod-access --namespace=apps
kubectl + create + rolebinding + [이름] + --clusterrole=[이름] + --serviceaccount=[namespace:이름] +
--namespace=[이름]

k get rolebindings pod-rolebinding -n apps
k describe rolebindings pod-rolebinding -n apps

 

 

 

https://kubernetes.io/docs/reference/access-authn-authz/rbac/

Using RBAC Authorization

 

https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/

Configure Service Accounts for Pods

 

* 본 게시글은 "TTABAE-LEARN" 을 보고 정리한 내용입니다.