OpenShift - Create Service Accounts

If you are not familiar with the oc command, refer to OpenShift - Getting Started with the oc command.

By default, a Service Account will not be assigned a Role Binding, a Cluster Role Binding, or a Security Context Constraint (SCC). Typically, a Service Account is associated with a Security Context Constraint (SCC), and then one or more deployments are configured to run as the Service Account, which controls what the deployment is and is not allowed to do. Check out my article Run a deployment with a Service Account and Security Context Constraint.

The oc create serviceaccount (or oc create sa) command can be used to create a Service Account.

~]$ oc create serviceaccount my-service-account
serviceaccount/my-service-account created

 

Or, a JSON or YAML file that contains key value pairs can be used to create an object, such as a config map, a deployment, a project, a pod, a route, a secret, a service, et cetera. These files are known as templates. The oc explain command can be used to get the list of keys that can be used in the JSON or YAML template file.

oc explain serviceaccount

 

And then more details on each key can be displayed.

oc explain serviceaccount.metadata

 

For example, let's say you have a YAML file named serviceaccount.yml that contains the following markup.

apiVersion: v1
kind: ServiceAccount
metadata:
  name: my-service-account

 

The oc apply or oc create command with the -f or --filename option can be used to create the Service Account using the template JSON or YAML file.

The oc replace command can be used to replace a pod using a new or updated template JSON or YAML file.

The oc edit command can be used to update a pod's template YAML file.

~]$ oc create -f serviceaccount.yml 
serviceaccount/my-service-account created

 

The oc get serviceaccounts (or just oc get sa) command can be used to list the Service Accounts that have been created in the current project / namespace.

~]$ oc get serviceaccounts
NAME                  SECRETS   AGE
default               2         388d
my-service-account    2         112s

 

The oc describe serviceaccount command can be used to show more details of a specific Service Account.

~]$ oc describe serviceaccount my-service-account
Name:                my-service-account
Namespace:           default
Labels:              <none>
Annotations:         <none>
Image pull secrets:  my-service-account-dockercfg-57b6r
Mountable secrets:   my-service-account-token-sfrpr
                     my-service-account-dockercfg-57b6r
Tokens:              my-service-account-token-6x45k
                     my-service-account-token-sfrpr
Events:              <none>
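
To check the statement above that a new Service Account has no Role Binding of its own, this added example (not code from the original article) filters a list of role bindings down to those that apply to a Service Account, either by naming it or through the groups every Service Account belongs to (system:serviceaccounts, system:serviceaccounts:<namespace>, system:authenticated). The function names, the tab-separated input format, the sample data and the view-binding grant are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original article.
# sa_bindings NAMESPACE NAME reads one binding per line on stdin:
#   <binding> TAB <role> TAB <kind>/<namespace>/<name>,<kind>/<namespace>/<name>,...
# and prints "<how> TAB <binding> TAB <role>" for each binding that applies to
# the Service Account, where <how> is "direct" or "group".
# Assumed way to produce that input from a live cluster:
#   oc get rolebindings -n NAMESPACE -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.roleRef.name}{"\t"}{range .subjects[*]}{.kind}/{.namespace}/{.name}{","}{end}{"\n"}{end}'
sa_bindings() {
  awk -F '\t' -v ns="$1" -v sa="$2" '
    {
      how = ""
      n = split($3, subjects, ",")
      for (i = 1; i <= n; i++) {
        if (subjects[i] == "") continue          # trailing comma
        split(subjects[i], p, "/")               # p[1]=kind p[2]=namespace p[3]=name
        if ((p[1] == "ServiceAccount" && p[2] == ns && p[3] == sa) ||
            (p[1] == "User" && p[3] == "system:serviceaccount:" ns ":" sa)) {
          how = "direct"                         # the account is named as a subject
        } else if (how == "" && p[1] == "Group" &&
                   (p[3] == "system:serviceaccounts" ||
                    p[3] == "system:serviceaccounts:" ns ||
                    p[3] == "system:authenticated")) {
          how = "group"                          # inherited through an implicit group
        }
      }
      if (how != "") printf "%s\t%s\t%s\n", how, $1, $2
    }'
}

# Constructed sample: bindings modelled on a new project, plus one explicit
# grant (view-binding is a hypothetical name).
sample_bindings() {
  printf '%s\t%s\t%s\n' \
    system:deployers      system:deployer      'ServiceAccount/default/deployer,' \
    system:image-builders system:image-builder 'ServiceAccount/default/builder,' \
    system:image-pullers  system:image-puller  'Group//system:serviceaccounts:default,' \
    view-binding          view                 'ServiceAccount/default/my-service-account,ServiceAccount/default/deployer,'
}

sample_bindings | sa_bindings default my-service-account
```

A "group" line means the role reaches the Service Account even though no binding names it. Cluster Role Bindings can be fed to the same function by listing them in the same tab-separated format.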

 





Web design by yours truly - me, myself, and I   |   jeremy.canfield@freekb.net