June 2022
Intermediate to advanced
201 pages
4h 42m
English
First, create the namespace named apps. Then, we’ll create the ServiceAccount:
$ kubectl create namespace apps $ kubectl create serviceaccount api-access -n apps
Alternatively, you can use the declarative approach. Create the namespace from the definition in the file apps-namespace.yaml:
apiVersion:v1kind:Namespacemetadata:name:apps
Create the namespace from the YAML file:
$ kubectl create -f apps-namespace.yaml
Create a new YAML file called api-serviceaccount.yaml with the following contents:
apiVersion:v1kind:ServiceAccountmetadata:name:api-accessnamespace:apps
Run the create command to instantiate the ServiceAccount from the YAML file:
$ kubectl create -f api-serviceaccount.yaml
Use the create clusterrole command to create the ClusterRole imperatively:
$ kubectl create clusterrole api-clusterrole --verb=watch,list,get \ --resource=pods
If you’d rather start with the YAML file, use content shown in the file api-clusterrole.yaml:
apiVersion:rbac.authorization.k8s.io/v1kind:ClusterRolemetadata:name:api-clusterrolerules:-apiGroups:[""]resources:["pods"]verbs:["watch","list","get"]
Create the ClusterRole from the YAML file:
$ kubectl create -f api-clusterrole.yaml
Use the create clusterrolebinding command to create the ClusterRoleBinding imperatively.
$ kubectl create clusterrolebinding api-clusterrolebinding \ --serviceaccount=apps:api-access --clusterrole=api-clusterrole ...
Read now
Unlock full access