Hi All
Does anybody know the exact requirements (roles, privilleges, namespace, whatever) for a Kubernetes Service Account? Documentation skips over that part and Support so far was unable to answer this.
Thanks,
Stefan
Hi All
Does anybody know the exact requirements (roles, privilleges, namespace, whatever) for a Kubernetes Service Account? Documentation skips over that part and Support so far was unable to answer this.
Thanks,
Stefan
Best answer by Manoranjan Reddy
Roles : Should be cluster-admin role #2
Namespace: Can be anything, default is used in below example. Use suffix -n NS001 to kubectl commands to use service account in a different namespace, say NS001
Use below commands for creating service account with required clusterrolebindings to use for backup and restore with Commvault.
1) #Create service account named cvbackup
kubectl create serviceaccount cvbackup
2) #Create clusterrolebinding
kubectl create clusterrolebinding default-sa-crb --clusterrole=cluster-admin --serviceaccount=default:cvbackup
TOKENNAME=`kubectl get sa/cvbackup -o jsonpath='{.secrets[0].name}'`
TOKEN=`kubectl get secret $TOKENNAME -o jsonpath='{.data.token}'| base64 --decode`
3) #Prints token
echo $TOKEN
In this case cvbackup is the Service Account and output from #3 is token to be used at time of adding cluster in Command Center
We’ll update documentation to improve missing pieces.
Thanks
Manoranjan Reddy
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.