Kubernetes Exercises - TP5

Exercise 1

Create a service account and bind to it a role that allows the three read actions on pods, only in its own namespace.

Attach this service account to a basic pod.

Solution:
apiVersion: v1
kind: ServiceAccount
metadata:
  name: pod-reader-sa
---

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pod-reader
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["get", "watch", "list"]
---

apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: read-pods
subjects:
- kind: ServiceAccount
  name: pod-reader-sa
roleRef:
  kind: Role
  name: pod-reader
  apiGroup: rbac.authorization.k8s.io
---

apiVersion: v1
kind: Pod
metadata:
  name: pod-tp5
spec:
  serviceAccountName: pod-reader-sa
  containers:
  - name: container-tp5
    image: busybox
    command: ["sh", "-c", "sleep 3600"]
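
One way to check the result, as an added example that is not part of the original exercise: impersonate the service account with `kubectl auth can-i` and confirm it holds the three read verbs on pods in its own namespace and nothing else. The helper names `expect` and `verify_pod_reader` are hypothetical; the script assumes the manifests were applied in the namespace given as the first argument, that the second argument is any other existing namespace, and that your own user is allowed to impersonate service accounts.

```shell
#!/bin/sh
# Added example: least-privilege check for the pod-reader-sa service account.
# Assumption: the second namespace argument is any other namespace in the cluster.

FAILURES=0

# expect WANT VERB RESOURCE SA_NS TARGET_NS
# Impersonates the service account and compares the API server's answer to WANT.
expect() {
  # "kubectl auth can-i" exits non-zero when the answer is "no",
  # so the status is neutralised and only the printed answer is used.
  answer=$(kubectl auth can-i "$2" "$3" \
    --as="system:serviceaccount:$4:pod-reader-sa" -n "$5" 2>/dev/null || true)
  case "$answer" in
    yes*) answer=yes ;;
    *)    answer=no ;;   # also covers "no - <reason>" and an unreachable cluster
  esac
  if [ "$answer" = "$1" ]; then
    echo "ok    $2 $3 in $5 -> $answer"
  else
    echo "FAIL  $2 $3 in $5 -> $answer (expected $1)"
    FAILURES=$((FAILURES + 1))
  fi
}

# verify_pod_reader SA_NS OTHER_NS
# Returns 0 only if every expectation holds.
verify_pod_reader() {
  FAILURES=0
  for verb in get list watch; do
    expect yes "$verb" pods "$1" "$1"   # granted by the Role pod-reader
    expect no  "$verb" pods "$1" "$2"   # a Role is namespaced: no cross-namespace reads
  done
  for verb in create update patch delete; do
    expect no "$verb" pods "$1" "$1"    # read-only: no write verbs
  done
  expect no get secrets "$1" "$1"       # only "pods" is listed under resources
  [ "$FAILURES" -eq 0 ]
}
```

Call it as `verify_pod_reader default other-ns`, replacing both placeholder namespaces with your own; a `FAIL` line on one of the `no` checks means the account has more rights than the exercise asks for.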