1. How many Service Accounts exist in the default namespace?
Run the command kubectl get serviceaccounts and count the number of accounts.
2. The application needs a ServiceAccount with the right permissions to authenticate to Kubernetes. The default ServiceAccount has limited access. Create a new ServiceAccount named dashboard-sa.
Run the command kubectl create serviceaccount dashboard-sa
We just added additional permissions for the newly created dashboard-sa account using RBAC.
If you are interested, check out the files used to configure RBAC at /var/rbac. We will discuss RBAC in a separate section.
3. You shouldn't have to copy and paste the token each time. The Dashboard application is programmed to read the token from the secret mount location. However, the default service account is currently mounted. Update the deployment to use the newly created ServiceAccount.
Edit the deployment to change the ServiceAccount from default to dashboard-sa.
Use the kubectl edit command for the deployment and specify the serviceAccountName field inside the pod spec.
OR
Make use of the kubectl set command. Run the following command to use the newly created service account:
kubectl set serviceaccount deploy/web-dashboard dashboard-sa
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web-dashboard
  namespace: default
spec:
  replicas: 1
  selector:
    matchLabels:
      name: web-dashboard
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      creationTimestamp: null
      labels:
        name: web-dashboard
    spec:
      serviceAccountName: dashboard-sa
      containers:
      - image: gcr.io/kodekloud/customimage/my-kubernetes-dashboard
        imagePullPolicy: Always
        name: web-dashboard
        ports:
        - containerPort: 8080
          protocol: TCP
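
To confirm that the change in step 3 took effect, this added example (not part of the original lab) reads the JSON printed by kubectl get deployments -o json and lists the deployments whose pods would still run as the default ServiceAccount. The sample input is constructed, and legacy-api is a hypothetical workload used only for contrast.

```python
import json

# Constructed sample shaped like `kubectl get deployments -n default -o json`;
# "legacy-api" is a hypothetical second workload, not from the lab.
SAMPLE = json.dumps({"kind": "List", "items": [
    {"kind": "Deployment",
     "metadata": {"name": "web-dashboard", "namespace": "default"},
     "spec": {"template": {"spec": {
         "serviceAccountName": "dashboard-sa",
         "containers": [{"name": "web-dashboard"}]}}}},
    {"kind": "Deployment",
     "metadata": {"name": "legacy-api", "namespace": "default"},
     "spec": {"template": {"spec": {
         "containers": [{"name": "legacy-api"}]}}}},
]})

def effective_service_account(pod_spec):
    """Return the ServiceAccount a pod template will run as."""
    # An unset serviceAccountName means the namespace's "default" account;
    # serviceAccount is the deprecated alias of the same field.
    return (pod_spec.get("serviceAccountName")
            or pod_spec.get("serviceAccount") or "default")

def audit(deployments_json):
    """Map 'namespace/name' to (service account, token mounted?)."""
    doc = json.loads(deployments_json)
    # kubectl prints a List for several objects and a bare object for one.
    items = doc["items"] if doc.get("kind") == "List" else [doc]
    report = {}
    for dep in items:
        meta = dep["metadata"]
        pod_spec = dep["spec"]["template"]["spec"]
        # Pod-level opt-out only; the ServiceAccount object can also set
        # automountServiceAccountToken: false, which this input does not show.
        mounted = pod_spec.get("automountServiceAccountToken", True)
        key = f'{meta.get("namespace", "default")}/{meta["name"]}'
        report[key] = (effective_service_account(pod_spec), mounted)
    return report

def still_on_default(deployments_json):
    """Deployments whose pods still mount the default account's token."""
    return sorted(name for name, (sa, mounted) in audit(deployments_json).items()
                  if sa == "default" and mounted)

if __name__ == "__main__":
    for name, (sa, mounted) in audit(SAMPLE).items():
        print(f"{name}: serviceAccount={sa} tokenMounted={mounted}")
    print("still on default:", still_on_default(SAMPLE))
```

Against a live cluster, replace SAMPLE with the output of kubectl get deployments -o json captured to a string or file.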