10-1 k8s认证及serviceacount
k8s有2类认证时的账号: 1 user account:也称为用户账号 2 serviceaccount:也称为服务账号,访问k8s 集群apiserver时用到的认证信息,包括用户名,账号,密码.... serviceaccount: 标准的k8s资源 # kubectl proxy --port=8080 # curl http://localhost:8080/api/v1/namespace # curl http://localhost:8080/apis/apps/v1/namespaces/kube-system # kubectl create serviceaccount myserviceaccount --dry-run # kubectl create serviceaccount myserviceaccount -o yaml --dry-run apiVserion:v1 kind: ServiceAccount metadata: creationTimestamp: null name: myserviceaccount # kubectl create serviceaccount myserviceaccount -oyaml --dry-run > myserviceaccount.yaml # kubectl create serviceaccount myserviceaccount # kubectl get serviceaccount # kubectl get secret pod使用serviceaccount: apiVersion: v1 kind: pod metadata: name: pod-sa namespace: default lablels: app: myapp spec: containers: - name: myapp image: ikubernetes/myapp:v1 port: - name: htttp containerPort: 80 serviceaccount: myserviceaccount