K
Q

Can I use Role and ServiceAccounts with several namespaces?

2/6/2019

I'm trying to connect my k8s cluster to my ceph cluster with this manual: https://akomljen.com/using-existing-ceph-cluster-for-kubernetes-persistent-storage/

I want to deploy rbd-provision pods into kube-system namespace like this https://paste.ee/p/C1pB4

After deploying pvc I get errors because my pvc is in default namespace. Can I do with that anything? I read docs and if I'm right I can't use ServiceAccount with 2 ns, or can?

-- Kirill Ponomarev
bare-metal-server
kubernetes
service-accounts

Similar Questions

Kubernetes: What kinds of system aspects should I inspect in the endpoint that serves my readiness probe
Helm Kubernetes setup mysql with NodeJs application
Connection refused communicating between pods
Kubernetes probe without blocking requests to POD on failure

2 Answers

2/6/2019

No. Service account is namespaced object and it is limited to particular namespace only

-- Rajesh Deshpande
Source: StackOverflow
2/7/2019

Service accounts can be granted permissions in another namespace.

For example, within the namespace "acme", grant the permissions in the view ClusterRole to the service account in the namespace "acme" named "myapp" :

kubectl create rolebinding myapp-view-binding \
  --clusterrole=view --serviceaccount=acme:myapp \
  --namespace=acme
-- Jordan Liggitt
Source: StackOverflow