10-1 k8s认证及serviceacount

k8s有2类认证时的账号: 
1 user account:也称为用户账号
2 serviceaccount:也称为服务账号,访问k8s 集群apiserver时用到的认证信息,包括用户名,账号,密码....


serviceaccount: 标准的k8s资源
# kubectl proxy --port=8080
# curl http://localhost:8080/api/v1/namespace
# curl http://localhost:8080/apis/apps/v1/namespaces/kube-system

# kubectl create serviceaccount myserviceaccount  --dry-run
# kubectl create serviceaccount myserviceaccount  -o yaml --dry-run
apiVserion:v1
kind: ServiceAccount
metadata:
    creationTimestamp: null
    name: myserviceaccount
# kubectl create serviceaccount myserviceaccount  -oyaml --dry-run > myserviceaccount.yaml
# kubectl create serviceaccount myserviceaccount 
# kubectl  get serviceaccount
# kubectl get secret 

pod使用serviceaccount:
apiVersion: v1
kind: pod
metadata: 
    name: pod-sa
    namespace: default
    lablels: 
        app: myapp
spec:
    containers:
    - name: myapp
      image: ikubernetes/myapp:v1
      port: 
      - name: htttp
          containerPort: 80
    serviceaccount: myserviceaccount

 

posted @ 2022-11-14 23:51  Sky-wings  阅读(63)  评论(0编辑  收藏  举报