k8s有2类认证时的账号:
1 user account:也称为用户账号
2 serviceaccount:也称为服务账号,访问k8s 集群apiserver时用到的认证信息,包括用户名,账号,密码....
serviceaccount: 标准的k8s资源
# kubectl proxy --port=8080
# curl http://localhost:8080/api/v1/namespace
# curl http://localhost:8080/apis/apps/v1/namespaces/kube-system
# kubectl create serviceaccount myserviceaccount --dry-run
# kubectl create serviceaccount myserviceaccount -o yaml --dry-run
apiVserion:v1
kind: ServiceAccount
metadata:
creationTimestamp: null
name: myserviceaccount
# kubectl create serviceaccount myserviceaccount -oyaml --dry-run > myserviceaccount.yaml
# kubectl create serviceaccount myserviceaccount
# kubectl get serviceaccount
# kubectl get secret
pod使用serviceaccount:
apiVersion: v1
kind: pod
metadata:
name: pod-sa
namespace: default
lablels:
app: myapp
spec:
containers:
- name: myapp
image: ikubernetes/myapp:v1
port:
- name: htttp
containerPort: 80
serviceaccount: myserviceaccount
