
- Create a ServiceAccount in namespace apps (the namespace already exists)
- Create a ClusterRole
- Bind the two together
- kubectl create serviceaccount cicd-token -n apps
- RBAC → kubectl create clusterrole
kubectl create clusterrole pod-reader --verb=get,list,watch --resource=pods
Modified:
kubectl create clusterrole deployment-clusterrole --verb=create --resource=deployment,statefulset,daemonset
=> No namespace is specified, so none is given
=> Run it
- RBAC → kubectl create clusterrole
kubectl create clusterrolebinding myapp-view-binding --clusterrole=view --serviceaccount=acme:myapp
=> acme:myapp => acme is the namespace, myapp is the ServiceAccount
Modified:
kubectl create clusterrolebinding deployment-clusterrolebinding --clusterrole=deployment-clusterrole --serviceaccount=apps:cicd-token
- kubectl get clusterrolebinding deployment-clusterrolebinding
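
A check that could follow the steps above, as an added example that is not part of the original notes: it impersonates the ServiceAccount with `kubectl auth can-i --as=...` and lists what the binding actually allows. The `default` namespace, the `delete` verb, the `secrets` resource, the function names and the `audit.sh` file name are assumptions chosen as probes; because the notes use a ClusterRoleBinding, the create permission applies in every namespace, not only `apps`.

```shell
#!/bin/sh
# Added example (not from the original notes). The ServiceAccount, namespace
# and the three workload resources come from the notes; the "default"
# namespace, the "delete" verb and "secrets" are assumed probes for
# over-broad access.

# can_i NS SA_NS SA VERB RESOURCE -> prints yes|no
# `kubectl auth can-i` exits 0 when allowed and non-zero when denied.
# --as impersonates the ServiceAccount, so the caller needs impersonate rights.
can_i() {
    if kubectl auth can-i "$4" "$5" -n "$1" \
        --as="system:serviceaccount:$2:$3" >/dev/null 2>&1; then
        echo yes
    else
        echo no
    fi
}

# audit_sa SA_NS SA NAMESPACE... -> one "ns verb resource yes|no" line per probe
audit_sa() {
    sa_ns=$1; sa=$2; shift 2
    for ns in "$@"; do
        for res in deployments statefulsets daemonsets secrets; do
            for verb in create delete; do
                echo "$ns $verb $res $(can_i "$ns" "$sa_ns" "$sa" "$verb" "$res")"
            done
        done
    done
}

# unexpected_grants: reads audit_sa output on stdin and keeps only allowed
# actions that the deployment-clusterrole rule (create on the three workload
# resources) does not explain.
unexpected_grants() {
    awk '$4 == "yes" && !($2 == "create" && $3 ~ /^(deployments|statefulsets|daemonsets)$/)'
}

# Run against a live cluster with: sh audit.sh --run
if [ "${1:-}" = "--run" ]; then
    report=$(audit_sa apps cicd-token apps default)
    echo "$report"
    # With a ClusterRoleBinding, the "default create ..." rows are also "yes".
    echo "--- unexpected grants ---"
    echo "$report" | unexpected_grants
fi
```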