当我尝试使用ServiceAccount进行部署时,即使设置了ClusterRole绑定,我也会得到Please enter Username-您知道为什么吗?
kubectl:
kubectl apply -f deployment.yaml
角色和绑定:
kubectl create clusterrole tutorial-role \
--verb=get,list,watch,create,update,patch,delete \
--resource=deployments
kubectl create clusterrolebinding tutorial-binding \
--clusterrole=tutorial-role \
--serviceaccount=default:tutorial-service
创建配置用户:
TOKEN=$(kubectl describe secrets "$(kubectl describe serviceaccount tutorial-service | grep -i Tokens | awk '{print $2}')" | grep token: | awk '{print $2}')
kubectl config set-credentials tutorialuser --token=$TOKEN
kubectl config set-context sausercontext --cluster=<my-cluster> --user=tutorialuser
kubectl config use-context sausercontext --namespace=default
部署:
apiVersion: apps/v1
kind: Deployment
metadata:
name: leeroy-web
labels:
app: leeroy-web
spec:
replicas: 1
selector:
matchLabels:
app: leeroy-web
template:
metadata:
labels:
app: leeroy-web
spec:
containers:
- name: leeroy-web
image: gcr.io/appsyouwear/leeroy-web
ports:
- containerPort: 8080
信息:
kubernetes % kubectl -v=8 apply -f deployment.yaml
I0111 13:57:05.950317 63261 loader.go:359] Config loaded from file /Users/username/.kube/config
Please enter Username:
您的Kubeconfig文件已被删除。kubeconfig的上下文和用户部分应如下所示。
contexts:
- context:
cluster: kubernetes
user: tutorialuser
name: sausercontext
users:
- name: tutorialuser
user:
token: <removed>