如何在Kubernetes窗格中指定Google服务帐户
[英]How to specify Google service account in Kubernetes pod
问题描述
I am deploying a Spring Boot application inside a Kubernetes pod on Google Cloud Platform. 
我正在Google Cloud Platform的Kubernetes容器内部署Spring Boot应用程序。
I don't want to use the Compute Engine default service account in our pod. 我不想在我们的广告连播中使用Compute Engine默认服务帐户。
How and where can we specify a Google service account for our pod? 我们如何以及在何处为广告连播指定Google服务帐户?
3 个解决方案
解决方案1
1 2019-06-28 02:20:34
Harold's suggestion to configure service account credentials in the pod as a secret is good and has been the recommended method for quite a while now. Harold建议将Pod中的服务帐户凭据配置为机密是很好的建议,并且已经有很长时间了。 However, Google recently introduced Workload Identity which allows you to link a k8s service account with a GCP IAM service account, you can then have your pod run with said k8s service account and use the IAM permissions that go with it 但是,Google最近推出了Workload Identity ,它允许您将k8s服务帐户与GCP IAM服务帐户相关联,然后可以使用上述k8s服务帐户运行pod并使用其附带的IAM权限
解决方案2
0 2019-06-26 13:24:30
Assuming that you already have a Role and RoleBinding referring to your service account, all you need to do is to create a context with apropriate service account as described here 假定您已经具有引用服务帐户的Role和RoleBinding ,那么您要做的就是使用此处描述的适当的服务帐户创建上下文。
And then you just switch to this context 然后您只需切换到此上下文
kubectl config use-context default-context
For more details on how to manage contexts check the documentation 有关如何管理上下文的更多详细信息,请参阅文档
解决方案3
0 已采纳 2019-06-26 15:52:52
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.