
Service Account Setup

  1. Generate a service account
kubectl create serviceaccount mysa -n hoopdev
  2. Create a new token
kubectl create token mysa -n hoopdev
  3. Assign RBAC permissions
kubectl apply -f - <<EOF
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: mysa-role
  namespace: hoopdev
rules:
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: mysa-binding
  namespace: hoopdev
subjects:
  - kind: ServiceAccount
    name: mysa
    namespace: hoopdev
roleRef:
  kind: Role
  name: mysa-role
  apiGroup: rbac.authorization.k8s.io
EOF
Now the Hoop resource will have access to the following, in the hoopdev namespace only:
  • List Pods
  • Get Pods
  • Watch Pods
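
To confirm the binding grants exactly these three verbs and nothing more, the following check can be run after step 3. It is an added example, not part of the original Hoop documentation. The function names and the list of denied probes are constructed here, and it assumes your own kubeconfig identity is allowed to impersonate service accounts (required by `--as`).

```shell
#!/bin/sh
# Added example: verify that the mysa service account can do what
# mysa-role grants (get/list/watch on pods in hoopdev) and nothing more.
# Assumption: the caller may impersonate service accounts (--as).

# can_i NAMESPACE SA VERB RESOURCE -> prints "yes", "no" or "error"
can_i() {
  out=$(kubectl auth can-i "$3" "$4" -n "$1" \
          --as="system:serviceaccount:$1:$2" 2>/dev/null) || true
  case "$out" in
    yes*) echo yes ;;
    no*)  echo no ;;
    *)    echo error ;;   # API unreachable, impersonation refused, etc.
  esac
}

# check_sa_scope NAMESPACE SA -> returns 0 only if every probe matches
check_sa_scope() {
  ns=$1 sa=$2 rc=0
  # verb:resource:expected. The first three come from mysa-role; the
  # rest are constructed probes for actions the Role does not grant.
  for probe in get:pods:yes list:pods:yes watch:pods:yes \
               create:pods:no delete:pods:no get:secrets:no; do
    verb=${probe%%:*}; rest=${probe#*:}
    res=${rest%%:*};   want=${rest#*:}
    got=$(can_i "$ns" "$sa" "$verb" "$res")
    if [ "$got" = "$want" ]; then
      echo "ok    $verb $res -> $got"
    else
      echo "FAIL  $verb $res -> $got (expected $want)"
      rc=1
    fi
  done
  return $rc
}

# Run against a cluster with:
#   check_sa_scope hoopdev mysa
```

A `FAIL` on one of the denied probes usually means another RoleBinding or ClusterRoleBinding also applies to the service account.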