[Problem]
- Create a new ClusterRole named deployment-clusterrole, which only allows creating the following resource types: Deployment, StatefulSet, DaemonSet.
- Create a new ServiceAccount named cicd-token in the existing namespace apps.
- Bind the new ClusterRole deployment-clusterrole to the new ServiceAccount cicd-token, limited to the namespace apps.
[Solution]
Create the ServiceAccount
Create the ServiceAccount, referring to the link below.
https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#scale
# kubectl create serviceaccount cicd-token -n apps
serviceaccount/cicd-token created
# kubectl get serviceaccounts -n apps
NAME SECRETS AGE
cicd-token 0 12s
default 0 29m
pod-access 0 29m
Create the ClusterRole
Create the ClusterRole, referring to the link below.
https://kubernetes.io/docs/reference/access-authn-authz/rbac/#kubectl-create-clusterrole
# kubectl create clusterrole deployment-clusterrole --verb=create --resource=deployment,statefulSet,daemonSet
clusterrole.rbac.authorization.k8s.io/deployment-clusterrole created
# kubectl get clusterrole deployment-clusterrole
NAME CREATED AT
deployment-clusterrole 2023-05-01T14:45:46Z
# kubectl describe clusterrole deployment-clusterrole
Name: deployment-clusterrole
Labels: <none>
Annotations: <none>
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
daemonsets.apps [] [] [create]
deployments.apps [] [] [create]
statefulsets.apps [] [] [create]
Create the ClusterRoleBinding
Create the ClusterRoleBinding, referring to the link below.
https://kubernetes.io/docs/reference/access-authn-authz/rbac/#kubectl-create-clusterrolebinding
# kubectl create clusterrolebinding deployment-clusterrole-binding --clusterrole=deployment-clusterrole --serviceaccount=apps:cicd-token -n apps
clusterrolebinding.rbac.authorization.k8s.io/deployment-clusterrole-binding created
# kubectl get clusterrolebindings deployment-clusterrole-binding
NAME ROLE AGE
deployment-clusterrole-binding ClusterRole/deployment-clusterrole 13s
# kubectl describe clusterrolebindings deployment-clusterrole-binding
Name: deployment-clusterrole-binding
Labels: <none>
Annotations: <none>
Role:
Kind: ClusterRole
Name: deployment-clusterrole
Subjects:
Kind Name Namespace
---- ---- ---------
ServiceAccount cicd-token apps
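A ClusterRoleBinding is cluster-scoped, so the `-n apps` flag does not restrict it and cicd-token receives the create permission in every namespace; a RoleBinding in apps that references the same ClusterRole confines the grant to apps, as the task requires. The manifests below are an added example, not part of the original post; the RoleBinding name `cicd-token-deployment-binding` is an assumption.

```yaml
# Added example (not from the original post).
# Document 1 is shown for comparison only: it is the declarative form of the
# ClusterRoleBinding created above. It has no metadata.namespace, so the
# grant applies cluster-wide.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: deployment-clusterrole-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: deployment-clusterrole
subjects:
- kind: ServiceAccount
  name: cicd-token
  namespace: apps        # where the ServiceAccount lives, not a scope limit
---
# Document 2 is the namespace-limited form: a RoleBinding may reference a
# ClusterRole, and the rules then apply only inside metadata.namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: cicd-token-deployment-binding   # assumed name, chosen for this example
  namespace: apps
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: deployment-clusterrole
subjects:
- kind: ServiceAccount
  name: cicd-token
  namespace: apps
# Check the effective scope by impersonating the ServiceAccount:
#   kubectl auth can-i create deployments -n apps \
#     --as=system:serviceaccount:apps:cicd-token
#   kubectl auth can-i create deployments -n default \
#     --as=system:serviceaccount:apps:cicd-token
# With only the RoleBinding in place the first check answers yes and the
# second no; with the ClusterRoleBinding in place both answer yes.
```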
[References]
- YouTube: 따배씨