kubernetes 使用服务帐户创建 pod
[英]kubernetes creation of pod using service account
问题描述
I am assuming, because pod contains service account ( by default mounting default service account), pod is being created.
我假设,因为 pod 包含服务帐户(默认安装默认服务帐户),正在创建 pod。
If i do autoMountServiceAccountToken as false, then also my pod is creating.如果我将 autoMountServiceAccountToken 设置为 false,那么我的 pod 也在创建。 In that case how authentication happening?在那种情况下,身份验证如何发生?
kubectl command ( client ) + service account token --> requesting to create pod -> server is validating and accepting request to create the pod. kubectl 命令(客户端)+ 服务帐户令牌 --> 请求创建 pod -> 服务器正在验证并接受创建 pod 的请求。
is my understand wrong?我的理解错了吗?
1 个解决方案
解决方案1
0 2022-09-11 08:06:18
To check which actions can be performed in an cluster, below command can be executed.要检查可以在集群中执行哪些操作,可以执行以下命令。 If it return yes then pods can be created.如果返回是,则可以创建 pod。
kubectl auth can-i create <resource-name>
kubectl auth can-i create pod
To understand more details or restrict to creation of resources in cluster please refer Authentication , Authorisation documentation and also ServiceAccount要了解更多详细信息或限制在集群中创建资源,请参阅Authentication 、 Authorization文档以及ServiceAccount
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.