If the service account that is used to configure the data collector does not have access to Kubernetes resources through the Kubernetes API, you must first authorize the service account with appropriate access.

About this task

The following procedure authorizes the service account using Role-Based Access Control (RBAC) authorization. For other authorization methods, refer to Kubernetes documentation.

Procedure

  1. Create a rolebinding.yaml file to bind the service account to a Role or a ClusterRole that has access to query Kubernetes resources in the RBAC mode.

    The following example binds the system:serviceaccount:ops-am:default account to the admin ClusterRole.

    kind: RoleBinding
    apiVersion: rbac.authorization.k8s.io/v1
    metadata:
      name: get-pods
      namespace: ops-am
    subjects:
    - kind: User
      name: system:serviceaccount:ops-am:default
      apiGroup: rbac.authorization.k8s.io
    roleRef:
      kind: ClusterRole
      name: admin
      apiGroup: rbac.authorization.k8s.io
  2. Run the following command:
    kubectl create -f rolebinding.yaml
  3. Create a clusterrolebinding.yaml file to bind the service account to a ClusterRole that has access to query Kubernetes resources in the RBAC mode.

    The following example binds the system:serviceaccount:ops-am:default account to the cluster-admin ClusterRole.

    kind: ClusterRoleBinding
    apiVersion: rbac.authorization.k8s.io/v1
    metadata:
      name: list-cluster
    subjects:
    - kind: User
      name: system:serviceaccount:ops-am:default
      apiGroup: rbac.authorization.k8s.io
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: cluster-admin
  4. Run the following command:
    kubectl create -f clusterrolebinding.yaml
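
The examples in this procedure bind the account to the admin and cluster-admin ClusterRoles, which grant far more than query access. The following is an added example, not part of the original procedure, that binds the same ops-am default service account to a read-only ClusterRole instead. The name data-collector-readonly and the resource list are assumptions; match the resources to what the data collector actually queries.

```yaml
# Added example: read-only alternative to the admin / cluster-admin bindings.
# The name "data-collector-readonly" and the resource list are assumptions.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: data-collector-readonly
rules:
# Core API group: query-only verbs, no create/update/delete, no secrets.
- apiGroups: [""]
  resources: ["nodes", "namespaces", "pods", "services", "endpoints", "events"]
  verbs: ["get", "list", "watch"]
# Workload controllers in the apps API group.
- apiGroups: ["apps"]
  resources: ["deployments", "replicasets", "statefulsets", "daemonsets"]
  verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: data-collector-readonly
subjects:
# Same identity as system:serviceaccount:ops-am:default,
# expressed as a ServiceAccount subject.
- kind: ServiceAccount
  name: default
  namespace: ops-am
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: data-collector-readonly
# Check the effective permissions after applying this file:
#   kubectl auth can-i list pods --all-namespaces --as=system:serviceaccount:ops-am:default
#   kubectl auth can-i get secrets -n ops-am --as=system:serviceaccount:ops-am:default
#   kubectl auth can-i delete pods -n ops-am --as=system:serviceaccount:ops-am:default
```

If no other binding applies to the account, the first check is allowed and the other two are denied. If the secrets or delete checks are allowed, a broader binding such as get-pods or list-cluster is still in place.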
