Cloud TAP - Creating token for Supervisor access

Create the following YAML file:

required-rights.yml
apiVersion: v1
kind: Namespace
metadata:
  name: profitap
 
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: my-sa1
  namespace: profitap
 
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: my-cluster-role
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["delete", "list", "create"]
- apiGroups: [""]
  resources: ["nodes"]
  verbs: ["list"]
- apiGroups: [""]
  resources: ["services", "namespaces"]
  verbs: ["delete", "create"]
- apiGroups: [""]
  resources: ["secrets"]
  verbs: ["get", "delete", "create"]
- apiGroups: [""]
  resources: ["serviceaccounts/token"]
  verbs: ["create"]
- apiGroups: ["networking.k8s.io"]
  resources: ["ingresses"]
  verbs: ["create", "delete"]
- apiGroups: ["networking.k8s.io"]
  resources: ["ingressclasses"]
  verbs: ["list"]
 
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: my-cluster-role-binding
subjects:
- kind: ServiceAccount
  name: my-sa1
  namespace: profitap
roleRef:
  kind: ClusterRole
  name: my-cluster-role
  apiGroup: rbac.authorization.k8s.io
 
---
apiVersion: v1
kind: Secret
metadata:
  name: my-sa1-token
  annotations:
    kubernetes.io/service-account.name: my-sa1
  namespace: profitap
type: kubernetes.io/service-account-token

Apply the file. This creates a service account with the required rights, plus the Secret that holds its token.

kubectl apply -f required-rights.yml

Extract the bearer token from the Kubernetes Secret that stores the ServiceAccount token:

kubectl get secret my-sa1-token -n profitap -o jsonpath='{.data.token}' | base64 --decode

The following command is an alternative to the one above for extracting the bearer token:

kubectl describe secret my-sa1-token -n profitap
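
To confirm that the binding grants exactly the rights listed in the ClusterRole above and nothing more, the following added example (not part of the original page or of Profitap's tooling) queries the API server with `kubectl auth can-i` under impersonation. The function names and the negative probes in `UNEXPECTED` are choices made for this example, and it assumes the current kubectl context is allowed to impersonate the service account.

```shell
# Added example: audit the rights of the my-sa1 ServiceAccount from required-rights.yml.
SA="system:serviceaccount:profitap:my-sa1"

# Rules transcribed from the ClusterRole on this page: "verb resource [subresource]".
EXPECTED="delete pods
list pods
create pods
list nodes
delete services
create services
delete namespaces
create namespaces
get secrets
delete secrets
create secrets
create serviceaccounts token
create ingresses.networking.k8s.io
delete ingresses.networking.k8s.io
list ingressclasses.networking.k8s.io"

# Probes the ClusterRole does not grant (chosen for this example, not from the page).
UNEXPECTED="list secrets
update pods
create clusterrolebindings.rbac.authorization.k8s.io"

# Exit 0 if $SA may perform VERB on RESOURCE (optional SUBRESOURCE), via impersonation.
sa_can() {
    kubectl auth can-i "$1" "$2" ${3:+"--subresource=$3"} --as="$SA" --quiet
}

# Print every mismatch and return the number found (0 = RBAC matches the manifest).
audit_sa_rights() {
    bad=0
    while read -r verb res sub; do
        sa_can "$verb" "$res" "$sub" </dev/null || { echo "MISSING: $verb $res $sub"; bad=$((bad + 1)); }
    done <<EOF
$EXPECTED
EOF
    while read -r verb res sub; do
        if sa_can "$verb" "$res" "$sub" </dev/null; then echo "EXCESS: $verb $res $sub"; bad=$((bad + 1)); fi
    done <<EOF
$UNEXPECTED
EOF
    return "$bad"
}
```

Run `audit_sa_rights` after `kubectl apply -f required-rights.yml`; a non-zero return means the effective rights differ from the manifest. The token stored in a `kubernetes.io/service-account-token` Secret does not expire, so deleting the `my-sa1-token` Secret is how it is revoked.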
  • Last modified: September 22, 2025