It's an old thread so not sure if helpful to you but sharing for the community here. You don't have to give the role to all service accounts if that's not required. You can use something like this to give this to a particular user or a service account.
Hi Ray! Also felt concerned about simply giving all service accounts cluster-admin, so did what @aashu4uiit recommended. Created a new service account specifically for my Ocelot API gateway, then added a ClusterRoleBinding of the "cluster-admin" cluster role to this new service account. Lastly, I referenced this service account in the deployment part of my manifest:
Note that in my case, I also have an Ingress in front of the Ocelot gateway. Ideally, I'd actually look into what permissions Ocelot needs and then reduce the scope of the service account accordingly. That's on my backlog. 😜
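An added example, not part of the original thread or the Ocelot project: a Python check that reads output in the shape of `kubectl get clusterrolebindings -o json` and separates the two situations discussed above, cluster-admin bound to every service account versus bound to one dedicated service account. The sample data and the binding and account names in it are constructed for illustration.

```python
import json

# Built-in groups that cover every service account (or every caller) in the cluster.
BROAD_GROUPS = {"system:serviceaccounts", "system:authenticated", "system:unauthenticated"}

# Constructed sample in the shape of `kubectl get clusterrolebindings -o json`.
# Binding and account names ("all-sa-admin", "ocelot-gateway", ...) are made up.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "all-sa-admin"},
   "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
   "subjects": [{"kind": "Group", "name": "system:serviceaccounts"}]},
  {"metadata": {"name": "ocelot-admin"},
   "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
   "subjects": [{"kind": "ServiceAccount", "name": "ocelot-gateway", "namespace": "default"}]},
  {"metadata": {"name": "viewer"},
   "roleRef": {"kind": "ClusterRole", "name": "view"},
   "subjects": [{"kind": "Group", "name": "system:serviceaccounts:dev"}]},
  {"metadata": {"name": "orphan"},
   "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"}}
]}
""")


def audit_cluster_admin(binding_list):
    """Return (binding, subject, severity) for every cluster-admin grant."""
    findings = []
    for b in binding_list.get("items", []):
        if b.get("roleRef", {}).get("name") != "cluster-admin":
            continue
        # `subjects` can be missing or null on a binding with no subjects.
        for s in b.get("subjects") or []:
            kind, name = s.get("kind"), s.get("name", "")
            if kind == "Group" and (name in BROAD_GROUPS
                                    or name.startswith("system:serviceaccounts:")):
                sev, label = "HIGH", f"Group/{name}"  # every SA in cluster or namespace
            elif kind == "ServiceAccount":
                # One workload only, but still full admin: scope it down later.
                sev, label = "REVIEW", f"ServiceAccount/{s.get('namespace', '?')}/{name}"
            else:
                sev, label = "REVIEW", f"{kind}/{name}"
            findings.append((b["metadata"]["name"], label, sev))
    return findings


if __name__ == "__main__":
    for binding, subject, sev in audit_cluster_admin(SAMPLE):
        print(f"{sev:6} {binding}: cluster-admin -> {subject}")
```
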
Hi Ray!
Hello,

I came across Ocelot for running it as API gateway in Kubernetes cluster. I was going through Kubernetes documentation and I noticed that I have to execute below command to allow pod access to api server.

Is above command necessary to expose all service accounts to have cluster admin privileges to api server? Below is what I read from kubernetes site.

Bit concerned about executing above command to allow ocelot pod to access api server. Kubernetes RBAC is not my strongest suit so wanted to check if anyone was able to modify above command with least privilege access?

Thanks,
Ray