Files
spring-cloud-static/Greenwich.SR3/multi/multi__security_configurations_inside_kubernetes.html
2019-09-11 20:32:25 -04:00

9 lines
3.6 KiB
HTML

<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>142.&nbsp;Security Configurations Inside Kubernetes</title><link rel="stylesheet" type="text/css" href="css/manual-multipage.css"><meta name="generator" content="DocBook XSL Stylesheets V1.79.1"><link rel="home" href="multi_spring-cloud.html" title="Spring Cloud"><link rel="up" href="multi__spring_cloud_kubernetes.html" title="Part&nbsp;XVII.&nbsp;Spring Cloud Kubernetes"><link rel="prev" href="multi__leader_election.html" title="141.&nbsp;Leader Election"><link rel="next" href="multi__service_registry_implementation.html" title="143.&nbsp;Service Registry Implementation"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">142.&nbsp;Security Configurations Inside Kubernetes</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="multi__leader_election.html">Prev</a>&nbsp;</td><th width="60%" align="center">Part&nbsp;XVII.&nbsp;Spring Cloud Kubernetes</th><td width="20%" align="right">&nbsp;<a accesskey="n" href="multi__service_registry_implementation.html">Next</a></td></tr></table><hr></div><div class="chapter"><div class="titlepage"><div><div><h2 class="title"><a name="_security_configurations_inside_kubernetes" href="#_security_configurations_inside_kubernetes"></a>142.&nbsp;Security Configurations Inside Kubernetes</h2></div></div></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="_namespace" href="#_namespace"></a>142.1&nbsp;Namespace</h2></div></div></div><p>Most of the components provided in this project need to know the namespace. For Kubernetes (1.3+), the namespace is made available to the pod as part of the service account secret and is automatically detected by the client.
For earlier versions, it needs to be specified as an environment variable to the pod. A quick way to do this is as follows:</p><div class="informalexample"><pre class="screen"> env:
- name: "KUBERNETES_NAMESPACE"
valueFrom:
fieldRef:
fieldPath: "metadata.namespace"</pre></div></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="_service_account" href="#_service_account"></a>142.2&nbsp;Service Account</h2></div></div></div><p>For distributions of Kubernetes that support more fine-grained role-based access within the cluster, you need to make sure a pod that runs with <code class="literal">spring-cloud-kubernetes</code> has access to the Kubernetes API.
For any service accounts you assign to a deployment or pod, you need to make sure they have the correct roles. For example, you can add <code class="literal">cluster-reader</code> permissions to your <code class="literal">default</code> service account, depending on the project you&#8217;re in.</p></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="multi__leader_election.html">Prev</a>&nbsp;</td><td width="20%" align="center"><a accesskey="u" href="multi__spring_cloud_kubernetes.html">Up</a></td><td width="40%" align="right">&nbsp;<a accesskey="n" href="multi__service_registry_implementation.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">141.&nbsp;Leader Election&nbsp;</td><td width="20%" align="center"><a accesskey="h" href="multi_spring-cloud.html">Home</a></td><td width="40%" align="right" valign="top">&nbsp;143.&nbsp;Service Registry Implementation</td></tr></table></div></body></html>