May 2018
Intermediate to advanced
554 pages
13h 51m
English
Content preview from Kubernetes Cookbook - Second Edition
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Using the GCP service account to grant a long-lived credential
We need to integrate to pull an image from the Kubernetes node, which requires a long-lived credential that can be stored to the Kubernetes secret. To do that, perform the following steps:
- Create a GCP service account (container-sa):
$ gcloud iam service-accounts create container-sa Created service account [container-sa]. //full name is as below $ gcloud iam service-accounts list | grep container container-sa@kubernetes-cookbook.iam.gserviceaccount.com
- Assign container-sa (use full name) to the roles/storage.admin role:
$ gcloud projects add-iam-policy-binding kubernetes-cookbook \> --member serviceAccount:container-sa@kubernetes-cookbook.iam.gserviceaccount.com \> --role=roles/storage.admin ...