How to assign only 1 secret key in a Cluster Role?

4/6/2019

How to assign only 1 secret key in a Cluster Role? Please go through my code below. Say I have multiple secrets and I want to give access to only 1 secret among them via a service account, so how can I achieve this? If that is not possible, and it's possible only by mentioning the secret key in the manifest file directly without a secret account, then I want to know what the use of a secret account is.

    # A role for reading/listing secrets
    apiVersion: rbac.authorization.k8s.io/v1beta1
    kind: ClusterRole
    metadata:
      name: secret-access-cr
    rules:
    - apiGroups: [""] # "" indicates the core API group
      resources: ["secrets"]
      verbs: ["get", "list"]

Please help.

-- sudhir tataraju
kubernetes

1 Answer

4/8/2019

One example of how you can use a ClusterRole binding, and how to allow/deny access to the API resources from within the pod using the ClusterRole, ServiceAccount and RoleBinding process, can be found in this tutorial:

https://developer.ibm.com/recipes/tutorials/service-accounts-and-auditing-in-kubernetes/

Community related information:
Kubernetes namespace default service account
In short, please create:

  1. secrets,
  2. namespace, for your deployment
  3. service account,
  4. clusterrole,
  5. rolebinding,
  6. assign your serviceAccountNames to different PODS or deployments.

More information: https://kubernetes.io/docs/reference/access-authn-authz/rbac/

-- Hanx
Source: StackOverflow
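
The steps listed in the answer, written out as manifests with access narrowed to a single Secret through the RBAC `resourceNames` field. This is an added example, not part of the original question or answer; every object name (`demo-ns`, `app-secret`, `secret-reader-sa` and so on) and the container image are hypothetical, and the `rbac.authorization.k8s.io/v1` API is assumed.

```yaml
# Added example: all names and the image below are hypothetical placeholders.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: secret-reader-sa
  namespace: demo-ns
---
# "get" is limited to the one Secret named in resourceNames.
# "list" is omitted: with resourceNames it is only authorized when the client
# sends a matching metadata.name field selector, and without resourceNames it
# would return every Secret the binding covers.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: secret-access-cr
rules:
- apiGroups: [""]              # "" indicates the core API group
  resources: ["secrets"]
  resourceNames: ["app-secret"]
  verbs: ["get"]
---
# A RoleBinding (not a ClusterRoleBinding) confines the ClusterRole's
# permissions to the demo-ns namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: secret-access-rb
  namespace: demo-ns
subjects:
- kind: ServiceAccount
  name: secret-reader-sa
  namespace: demo-ns
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: secret-access-cr
---
# The pod runs as the restricted service account.
apiVersion: v1
kind: Pod
metadata:
  name: secret-reader-pod
  namespace: demo-ns
spec:
  serviceAccountName: secret-reader-sa
  containers:
  - name: app
    image: registry.example/app:placeholder
```

To check the result, `kubectl auth can-i get secret/app-secret -n demo-ns --as=system:serviceaccount:demo-ns:secret-reader-sa` should answer `yes`, while the same command for any other Secret name should answer `no`.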