*ServiceAccount Role Binding*
1) Service Account생성하기
2) Role 만들기
3) RoleBinding
Q. Cluster: Kubectl config use-context k8s
Create the Service Account named pod-access in a new namespace called apps.
Create a Role with the name pod-role, and the Role Binding named pod-rolebinding.
Map the ServiceAccount from the previous step to the API resources Podss with the operations watch,list,get
1. service Account 생성하기
*Template*
kubectl create serviceaccount my-service-account
k create ns apps
k get ns
kubectl create serviceaccount pod-access -n apps
k get serviceaccount -n apps
2. role 생성하기
kubectl create role pod-role --verb=get --verb=list --verb=watch --resource=pods -n apps
k get role pod-role -n apps
k describe role pod-role -n apps
3. rolebinding 하기
*Template*
kubectl create rolebinding myapp-view-binding --clusterrole=view --serviceaccount=acme:myapp --namespace=acme
kubectl create rolebinding pod-rolebinding --clusterrole=pod-role --serviceaccount=apps:pod-access --namespace=apps
kubectl + create + rolebinding + [이름] + --clusterrole=[이름] + --serviceaccount=[namespace:이름] +
--namespace=[이름]
k get rolebindings pod-rolebinding -n apps
k describe rolebindings pod-rolebinding -n apps
https://kubernetes.io/docs/reference/access-authn-authz/rbac/
Using RBAC Authorization
Role-based access control (RBAC) is a method of regulating access to computer or network resources based on the roles of individual users within your organization. RBAC authorization uses the rbac.authorization.k8s.io API group to drive authorization decis
kubernetes.io
https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
Configure Service Accounts for Pods
A service account provides an identity for processes that run in a Pod. Note: This document is a user introduction to Service Accounts and describes how service accounts behave in a cluster set up as recommended by the Kubernetes project. Your cluster admi
kubernetes.io
* 본 게시글은 "TTABAE-LEARN" 을 보고 정리한 내용입니다.
'cloud > k8s(문제풀이)' 카테고리의 다른 글
[cka] Mock exam-1 (0) | 2022.08.19 |
---|---|
[따배쿠 CKA]28. ServiceAccount Cluster Role binding (0) | 2022.08.17 |
[따배쿠 CKA] 26.User Cluster Role binding (0) | 2022.08.17 |
[k8s]Troubleshooting - worker node failure (0) | 2022.08.17 |
[따배쿠 CKA] 25. User Role binding ( RBAC ) (0) | 2022.08.17 |