How To Setup Kubernetes API Access Using Service Account

The best way to have API access to a Kubernetes cluster is through service accounts. This tutorial will guide you through the process of creating the service account, role and role binding to have API access to the Kubernetes cluster.

Setup Kubernetes API Access Using Service Account

Follow the steps given below for setting up the API access using the service account.

Note: If you are using GKE, you might need to run the following two commands to have access to create roles and rolebindings with your gcloud user.

Step 1: Create a service account named “api-service-account”

Step 2: Create a “clusterRole.yaml” file and copy the following contents. You can also get this yaml file from here.

Note: This YAML declaration has a role with full access to all cluster resources and a role binding to “api-service-account”. It is not recommended to create a service account with access to all cluster components. You can refer to the list of resources and verbs from this page.


Step 3: Get the secret name associated with the api-service-account

Step 4: Now, use the secret name you got in Step 3 to get the base64-decoded token.

For example,

Ignore the “%” at the end of the token if you see one.

Step 5: Get the cluster endpoint to check the API access. The following command will display the cluster endpoint (IP, DNS).

Step 6: Now that you have the cluster endpoint and the token for the service account, you can test the API connectivity using curl or the Postman app.

For example,
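The six steps above as one script, added here as an example; these are not the tutorial's original commands. It swaps the full-access role for a Role that can only read pods in one namespace, and falls back to `kubectl create token` on Kubernetes 1.24+, where the Secret from Step 3 is no longer created automatically. The names `api-read-pods`, `NS`, `rbac_manifest` and `jwt_claims` are assumptions, as is a kubeconfig that embeds the cluster CA certificate.

```shell
#!/usr/bin/env bash
# Added example: steps 1-6 with a read-only, namespace-scoped Role (assumed names).
NS="${NS:-default}"            # assumed namespace
SA="api-service-account"       # name from Step 1

# Step 2 replacement: Role + RoleBinding limited to reading pods in $NS.
rbac_manifest() {
  cat <<EOF
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata: {name: api-read-pods, namespace: $NS}
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata: {name: api-read-pods, namespace: $NS}
subjects:
- {kind: ServiceAccount, name: $SA, namespace: $NS}
roleRef: {apiGroup: rbac.authorization.k8s.io, kind: Role, name: api-read-pods}
EOF
}
# Decode the claims (middle segment) of a JWT to confirm whose token it is.
jwt_claims() {
  local p; p=$(printf '%s' "$1" | cut -d. -f2 | tr '_-' '/+')
  while [ $(( ${#p} % 4 )) -ne 0 ]; do p="$p="; done   # restore base64 padding
  printf '%s' "$p" | base64 --decode
}
main() {
  set -euo pipefail
  kubectl create serviceaccount "$SA" -n "$NS"                                # Step 1
  rbac_manifest | kubectl apply -f -                                          # Step 2
  secret=$(kubectl get sa "$SA" -n "$NS" -o jsonpath='{.secrets[0].name}' || true)  # Step 3
  if [ -n "$secret" ]; then                                                   # Step 4
    token=$(kubectl get secret "$secret" -n "$NS" -o jsonpath='{.data.token}' | base64 --decode)
  else   # Kubernetes 1.24+: no auto-created Secret, request a short-lived token
    token=$(kubectl create token "$SA" -n "$NS")
  fi
  jwt_claims "$token"; echo
  server=$(kubectl config view --minify -o jsonpath='{.clusters[0].cluster.server}')  # Step 5
  kubectl config view --minify --raw \
    -o jsonpath='{.clusters[0].cluster.certificate-authority-data}' | base64 --decode > ca.crt
  # Step 6: pods is allowed by the Role; secrets is not and should return 403 Forbidden.
  curl -sS --cacert ca.crt -H "Authorization: Bearer $token" "$server/api/v1/namespaces/$NS/pods"
  curl -sS --cacert ca.crt -H "Authorization: Bearer $token" "$server/api/v1/namespaces/$NS/secrets"
}
if [ "${1:-}" = "run" ]; then main; fi
```

Run it as `bash script.sh run` against a test cluster; without the `run` argument it only defines the functions.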
