content-kubernetes-security/Authentication_Exercise_Command_summary at master · linuxacademy/content-kubernetes-security · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
Kubernetes Security
Authentication Exercise Commands Summary

To create a serviceaccount called jenkins, enter the following command:

$ kubectl create serviceaccount jenkins

You may display detailed information about the service account with the following command:

$ kubectl get serviceaccounts jenkins -o yaml

To see all secrets in the current namespace input:

$ kubectl get secrets

To interrogate further you may output yaml for a particular secret with this command:

$ kubectl get secret <token name from previous command> -o yaml

To see all serviceaccounts in the current namespace:

$ kubectl get serviceaccounts

To intterogate a serviceaccount:

$ kubectl describe serviceaccount jenkins

To run a pos under a specific serviceaccount, create a yaml file as follows:

You may use the editor to input the file or use wget to download it from the course github site.

apiVersion: v1
kind: Pod
metadata:
  name: ks-demo-pod
spec:
  serviceAccountName: jenkins
  containers:
  - name: shell
    image: alpine:3.7
	command:
	- "sh"
	- "-c"
	- "sleep 10000"

To run the pod, enter this command:

$ kubectl apply -f ks-demo-pod.yaml

You may interrogate the pod with the describe verb:

$ kubectl describe po/ks-demo-pod

To run a shell inside the container, input:

$ kubectl exec -it ks-demo-pod -- sh

Once inside the pod container, you may output the token with the following command:

/ # cat /var/run/secrets/kubernetes.io/serviceaccount/token