如何在部署上配置非默认serviceAccount [英] How to configure a non-default serviceAccount on a deployment

问题描述

我对此文档页面的理解是，我可以使用Pods配置服务帐户，并希望还可以进行部署，因此我可以访问Kubernetes 1.6+中的k8s API.为了不更改或使用默认帐户，我想创建服务帐户并将证书安装到部署的吊舱中.

My Understanding of this doc page is, that I can configure service accounts with Pods and hopefully also deployments, so I can access the k8s API in Kubernetes 1.6+. In order not to alter or use the default one I want to create service account and mount certificate into the pods of a deployment.

如何为部署实现本示例中类似的内容?

How do I achieve something similar like in this example for a deployment?

apiVersion: v1
kind: Pod
metadata:
   name: my-pod
spec:
  serviceAccountName: build-robot
  automountServiceAccountToken: false

推荐答案

由于您还将需要在Deployment中指定"podSpec"，因此您应该能够以相同的方式配置服务帐户.像这样:

As you will need to specify 'podSpec' in Deployment as well, you should be able to configure the service account in the same way. Something like:

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: my-deployment
spec:
  template:
    # Below is the podSpec.
    metadata:
      name: ...
    spec:
      serviceAccountName: build-robot
      automountServiceAccountToken: false
      ...

这篇关于如何在部署上配置非默认serviceAccount的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！