.kube/config如何使其可用于kubernetes中部署的rest服务 [英] .kube/config how to make it available to a rest service deployed in kubernetes

问题描述

在kubernetes上部署的rest服务中提供.kube/config文件的最佳方法是什么?

Whats the best approach to provide a .kube/config file in a rest service deployed on kubernetes?

这将使我的服务能够(例如)使用kuberntes客户端api.

This will enable my service to (for example) use the kuberntes client api.

R

推荐答案

创建服务帐户:

kubectl create serviceaccount example-sa

创建角色:

kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  namespace: default
  name: example-role
rules:
- apiGroups: [""] # "" indicates the core API group
  resources: ["pods"]
  verbs: ["get", "watch", "list"]

创建角色绑定:

kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1alpha1
metadata:
  name: example-role-binding
  namespace: default
subjects:
  - kind: "ServiceAccount"
    name: example-sa
roleRef:
  kind: Role
  name: example-role
  apiGroup: rbac.authorization.k8s.io

使用example-sa

kind: Pod
apiVersion: v1
metadata:
 name: example-pod
spec:
 serviceAccountName: example-sa
 containers:
 - name: secret-access-container
   image: example-image

窗格定义中最重要的行是serviceAccountName: example-sa.创建服务帐户并将此行添加到pod的定义中之后，您将可以通过/var/run/secrets/kubernetes.io/serviceaccount/token访问您的api访问令牌.

The most important line in pod definition is serviceAccountName: example-sa. After creating service account and adding this line to your pod's definition you will be able to access your api access token at /var/run/secrets/kubernetes.io/serviceaccount/token.

在此找到上面示例的更详细的版本.

Here you can find a little bit more detailed version of the above example.

这篇关于.kube/config如何使其可用于kubernetes中部署的rest服务的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！