.kube/config如何使其可用于kubernetes中部署的rest服务 [英] .kube/config how to make it available to a rest service deployed in kubernetes
问题描述
在kubernetes上部署的rest服务中提供.kube/config文件的最佳方法是什么?
Whats the best approach to provide a .kube/config file in a rest service deployed on kubernetes?
这将使我的服务能够(例如)使用kuberntes客户端api.
This will enable my service to (for example) use the kuberntes client api.
R
推荐答案
创建服务帐户:
kubectl create serviceaccount example-sa
创建角色:
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
namespace: default
name: example-role
rules:
- apiGroups: [""] # "" indicates the core API group
resources: ["pods"]
verbs: ["get", "watch", "list"]
创建角色绑定:
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1alpha1
metadata:
name: example-role-binding
namespace: default
subjects:
- kind: "ServiceAccount"
name: example-sa
roleRef:
kind: Role
name: example-role
apiGroup: rbac.authorization.k8s.io
使用example-sa
kind: Pod
apiVersion: v1
metadata:
name: example-pod
spec:
serviceAccountName: example-sa
containers:
- name: secret-access-container
image: example-image
窗格定义中最重要的行是serviceAccountName: example-sa
.创建服务帐户并将此行添加到pod的定义中之后,您将可以通过/var/run/secrets/kubernetes.io/serviceaccount/token
访问您的api访问令牌.
The most important line in pod definition is serviceAccountName: example-sa
. After creating service account and adding this line to your pod's definition you will be able to access your api access token at /var/run/secrets/kubernetes.io/serviceaccount/token
.
在此找到上面示例的更详细的版本.
Here you can find a little bit more detailed version of the above example.
这篇关于.kube/config如何使其可用于kubernetes中部署的rest服务的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!