9 lines
3.6 KiB
HTML
9 lines
3.6 KiB
HTML
<html><head>
|
|
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
|
|
<title>142. Security Configurations Inside Kubernetes</title><link rel="stylesheet" type="text/css" href="css/manual-multipage.css"><meta name="generator" content="DocBook XSL Stylesheets V1.79.1"><link rel="home" href="multi_spring-cloud.html" title="Spring Cloud"><link rel="up" href="multi__spring_cloud_kubernetes.html" title="Part XVII. Spring Cloud Kubernetes"><link rel="prev" href="multi__leader_election.html" title="141. Leader Election"><link rel="next" href="multi__service_registry_implementation.html" title="143. Service Registry Implementation"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">142. Security Configurations Inside Kubernetes</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="multi__leader_election.html">Prev</a> </td><th width="60%" align="center">Part XVII. Spring Cloud Kubernetes</th><td width="20%" align="right"> <a accesskey="n" href="multi__service_registry_implementation.html">Next</a></td></tr></table><hr></div><div class="chapter"><div class="titlepage"><div><div><h2 class="title"><a name="_security_configurations_inside_kubernetes" href="#_security_configurations_inside_kubernetes"></a>142. Security Configurations Inside Kubernetes</h2></div></div></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="_namespace" href="#_namespace"></a>142.1 Namespace</h2></div></div></div><p>Most of the components provided in this project need to know the namespace. For Kubernetes (1.3+), the namespace is made available to the pod as part of the service account secret and is automatically detected by the client.
|
|
For earlier versions, it needs to be specified as an environment variable to the pod. A quick way to do this is as follows:</p><div class="informalexample"><pre class="screen"> env:
|
|
- name: "KUBERNETES_NAMESPACE"
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: "metadata.namespace"</pre></div></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="_service_account" href="#_service_account"></a>142.2 Service Account</h2></div></div></div><p>For distributions of Kubernetes that support more fine-grained role-based access within the cluster, you need to make sure a pod that runs with <code class="literal">spring-cloud-kubernetes</code> has access to the Kubernetes API.
|
|
For any service accounts you assign to a deployment or pod, you need to make sure they have the correct roles. For example, you can add <code class="literal">cluster-reader</code> permissions to your <code class="literal">default</code> service account, depending on the project you’re in.</p></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="multi__leader_election.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="multi__spring_cloud_kubernetes.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="multi__service_registry_implementation.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">141. Leader Election </td><td width="20%" align="center"><a accesskey="h" href="multi_spring-cloud.html">Home</a></td><td width="40%" align="right" valign="top"> 143. Service Registry Implementation</td></tr></table></div></body></html> |