Creating a Permanent Service Account Token

serviceAccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: gitlab-deployer
  namespace: prod

---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: deployer-role
  namespace: prod
rules:
  - apiGroups: ["apps"]
    resources: ["deployments"]
    verbs: ["get", "list", "patch", "update"]

---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: deployer-binding
  namespace: prod
subjects:
  - kind: ServiceAccount
    name: gitlab-deployer
    namespace: prod
roleRef:
  kind: Role
  name: deployer-role
  apiGroup: rbac.authorization.k8s.io

deployer-token.yaml
apiVersion: v1
kind: Secret
metadata:
  name: gitlab-deployer-token
  namespace: prod
  annotations:
    kubernetes.io/service-account.name: gitlab-deployer
type: kubernetes.io/service-account-token
Once both manifests have been applied, read the token field from the Secret defined in deployer-token.yaml and base64-decode it to obtain the final permanent token.
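The decoding step above, as an added example that is not part of the original post: it takes the Secret in the JSON shape returned by `kubectl get secret gitlab-deployer-token -n prod -o json`, base64-decodes `data.token`, and reads the JWT payload (without verifying the signature) to confirm which ServiceAccount the token belongs to and that it has no expiry. The sample Secret and its claims are constructed for illustration, and the function names are hypothetical.

```python
import base64
import json

SA_TOKEN_TYPE = "kubernetes.io/service-account-token"

def b64url_decode(segment: str) -> bytes:
    # JWT segments are unpadded base64url; restore the padding before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def extract_token(secret: dict) -> str:
    """Return the bearer token stored in a service-account-token Secret."""
    if secret.get("type") != SA_TOKEN_TYPE:
        raise ValueError("not a service-account-token Secret")
    encoded = (secret.get("data") or {}).get("token")
    if not encoded:
        # The control plane fills in data.token shortly after the Secret is created.
        raise ValueError("data.token is not populated yet")
    return base64.b64decode(encoded).decode("ascii")

def inspect_token(token: str) -> dict:
    """Decode the JWT payload (no signature verification) and summarize it."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("token is not a three-part JWT")
    claims = json.loads(b64url_decode(parts[1]))
    return {"subject": claims.get("sub"), "expires": claims.get("exp"),
            "permanent": "exp" not in claims}

def constructed_secret() -> dict:
    """Constructed sample Secret; the signature segment is a placeholder."""
    def seg(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    claims = {
        "iss": "kubernetes/serviceaccount",
        "kubernetes.io/serviceaccount/namespace": "prod",
        "kubernetes.io/serviceaccount/secret.name": "gitlab-deployer-token",
        "kubernetes.io/serviceaccount/service-account.name": "gitlab-deployer",
        "sub": "system:serviceaccount:prod:gitlab-deployer",
    }
    jwt = ".".join([seg({"alg": "RS256", "typ": "JWT"}), seg(claims), "c2lnbmF0dXJl"])
    return {"kind": "Secret", "type": SA_TOKEN_TYPE,
            "data": {"token": base64.b64encode(jwt.encode()).decode()}}

if __name__ == "__main__":
    print(inspect_token(extract_token(constructed_secret())))
```

Because the token carries no `exp` claim, it stays valid until the Secret or the ServiceAccount is deleted, so store it as a protected CI variable and delete the Secret to revoke it.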
