sa - cluster role - cluster role binding

Service account-cluster role - cluster role binding

Create a service account in the web namespace called webautomation.

Create a ClusterRole called pod-reader that has get, watch, and list access to all Pods.

Bind the ClusterRole to the service account so that it can only read Pods in the web namespace. Because the grant must stay within one namespace, the binding is a RoleBinding in the web namespace that references the ClusterRole; a ClusterRoleBinding would let the service account read Pods in every namespace of the cluster.

---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: webautomation
  namespace: web
  
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  # "namespace" omitted since ClusterRoles are not namespaced
  name: pod-reader
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["get", "watch", "list"]
  
---
apiVersion: rbac.authorization.k8s.io/v1
# RoleBinding, not ClusterRoleBinding: the grant is limited to the namespace of the binding.
# A ClusterRoleBinding would let webautomation read Pods in every namespace.
kind: RoleBinding
metadata:
  name: webautomation-binding
  namespace: web
subjects:
- kind: ServiceAccount
  name: webautomation # Name is case sensitive
  namespace: web
roleRef:
  # A RoleBinding may reference a ClusterRole; its rules then apply only inside the web namespace
  kind: ClusterRole
  name: pod-reader
  apiGroup: rbac.authorization.k8s.io
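The scoping difference between the two binding kinds, as an added example that is not part of the original page: the manifests above are modelled as Python dicts (constructed here, no YAML parser needed) and a small evaluator shows the same pod-reader ClusterRole granting pod reads cluster-wide through a ClusterRoleBinding but only inside web through a RoleBinding.

```python
# Added example (not from the page): a minimal model of how Kubernetes RBAC
# scopes a ClusterRole depending on the kind of binding that references it.
# The manifests are constructed as Python dicts so no YAML parser is needed.

POD_READER = {
    "kind": "ClusterRole",
    "metadata": {"name": "pod-reader"},
    "rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "watch", "list"]}],
}
ROLES = {"pod-reader": POD_READER}

SUBJECT = {"kind": "ServiceAccount", "name": "webautomation", "namespace": "web"}

# ClusterRoleBinding: the grant applies in every namespace of the cluster.
CLUSTER_WIDE_BINDING = {
    "kind": "ClusterRoleBinding",
    "metadata": {"name": "webautomation-binding"},
    "subjects": [SUBJECT],
    "roleRef": {"kind": "ClusterRole", "name": "pod-reader"},
}

# RoleBinding in 'web': the same ClusterRole, but effective only inside that namespace.
NAMESPACED_BINDING = {
    "kind": "RoleBinding",
    "metadata": {"name": "webautomation-binding", "namespace": "web"},
    "subjects": [SUBJECT],
    "roleRef": {"kind": "ClusterRole", "name": "pod-reader"},
}

def rule_allows(rule, verb, resource, api_group=""):
    """True if one RBAC rule permits verb on resource (core API group by default)."""
    return (api_group in rule["apiGroups"] or "*" in rule["apiGroups"]) \
        and (resource in rule["resources"] or "*" in rule["resources"]) \
        and (verb in rule["verbs"] or "*" in rule["verbs"])

def can_i(bindings, sa_name, sa_namespace, verb, resource, target_namespace):
    """Can service account sa_namespace:sa_name perform verb on resource in target_namespace?"""
    for binding in bindings:
        is_subject = any(s["kind"] == "ServiceAccount" and s["name"] == sa_name
                         and s.get("namespace") == sa_namespace for s in binding["subjects"])
        if not is_subject:
            continue
        # A RoleBinding only grants within its own namespace; a ClusterRoleBinding everywhere.
        if binding["kind"] == "RoleBinding" and binding["metadata"]["namespace"] != target_namespace:
            continue
        role = ROLES[binding["roleRef"]["name"]]
        if any(rule_allows(r, verb, resource) for r in role["rules"]):
            return True
    return False
```

On a real cluster the same check is `kubectl auth can-i list pods --as=system:serviceaccount:web:webautomation -n kube-system`, which should answer "no" once the RoleBinding is in place.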
