How to Configure a Website to Access Kubernetes Pods
Husanpreet Singh
This guide walks you through the steps required to configure a website to access Kubernetes pods. The process includes creating a service account, establishing a pod-reading role, and binding the service account to the role. There are two ways for the website to use the service account: creating a token each time, and mounting the service account in the website deployment pod.
Let's proceed with the steps:
## Prerequisites
- Access to a Kubernetes cluster with administrative privileges.
- kubectl command-line tool installed and configured to communicate with your Kubernetes cluster.
(Image: website without permission)
## Step 1: Create a Service Account (dashboard-sa)
First, create a service account named dashboard-sa in the namespace where you want your website to access pods:
```bash
kubectl create serviceaccount dashboard-sa --namespace <your-namespace>
```
Replace <your-namespace> with the namespace in which your website will be running.
## Step 2: Create a Pod-Reading Role
Next, create a role with permissions to read pods in the specified namespace:

```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pod-reader
  namespace: <your-namespace>
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["get", "list", "watch"]
```

Again, replace <your-namespace> with the namespace in which your website will be running.
## Step 3: Bind the Service Account with the Pod-Reading Role
Now, bind the dashboard-sa service account with the pod-reader role using a RoleBinding:
```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: pod-reader-binding
  namespace: <your-namespace>
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: pod-reader
subjects:
- kind: ServiceAccount
  name: dashboard-sa
  namespace: <your-namespace>
```
Replace <your-namespace> with your desired namespace.
## Step 4: Access Pods Using a Token (First Way)
To access the cluster using a token:
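1. Get the token for the dashboard-sa service account, in the namespace where the account was created:

   ```bash
   kubectl create token dashboard-sa --namespace <your-namespace>
   ```

2. Use the token to authenticate your website or dashboard by passing it in the HTTP request headers (`Authorization: Bearer <token>`). The token expires, which is why this approach means creating a new one each time.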
## Step 5: Mount the Service Account with the Website Deployment Pod (Second Way)
To use the service account directly with the website deployment pod:
1. Edit your website deployment YAML file, and specify the serviceAccountName as dashboard-sa in the pod spec:

   ```yaml
   apiVersion: apps/v1
   kind: Deployment
   metadata:
     name: your-website-deployment
     namespace: <your-namespace>
   spec:
     ...
     template:
       spec:
         serviceAccountName: dashboard-sa
         ...
   ```

2. Deploy your website with the updated deployment file:

   ```bash
   kubectl apply -f your-website-deployment.yaml
   ```
Now, the website deployment pod will use the dashboard-sa service account for authentication.
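How the website's own code can use the account mounted in Step 5, as an added example that is not part of the original article: it reads the token, CA certificate and namespace that Kubernetes mounts into the pod and lists pods through the API server. The function names are hypothetical; the mount path and the `KUBERNETES_SERVICE_HOST`/`KUBERNETES_SERVICE_PORT` variables are the Kubernetes defaults, and the website is assumed to run in the same namespace as the Role.

```python
import json
import os
import ssl
import urllib.error
import urllib.request

# Default mount point of the service account volume inside a pod.
SA_DIR = "/var/run/secrets/kubernetes.io/serviceaccount"


def build_pod_list_request(sa_dir=SA_DIR, env=os.environ):
    """Build the authenticated GET for pods in the pod's own namespace."""
    # Read the token on every call: the kubelet rotates the mounted token.
    with open(os.path.join(sa_dir, "token")) as f:
        token = f.read().strip()
    with open(os.path.join(sa_dir, "namespace")) as f:
        namespace = f.read().strip()
    host = env["KUBERNETES_SERVICE_HOST"]
    port = env.get("KUBERNETES_SERVICE_PORT", "443")
    if ":" in host:  # bracket an IPv6 literal
        host = f"[{host}]"
    url = f"https://{host}:{port}/api/v1/namespaces/{namespace}/pods"
    headers = {"Authorization": f"Bearer {token}", "Accept": "application/json"}
    return urllib.request.Request(url, headers=headers)


def summarize_pods(pod_list):
    """Reduce a PodList to the (name, phase) pairs a dashboard would show."""
    return [(p["metadata"]["name"], p.get("status", {}).get("phase", "Unknown"))
            for p in pod_list.get("items", [])]


def list_pods(sa_dir=SA_DIR, env=os.environ, timeout=5):
    """Query the API server, verifying its certificate with the mounted CA."""
    ctx = ssl.create_default_context(cafile=os.path.join(sa_dir, "ca.crt"))
    req = build_pod_list_request(sa_dir, env)
    try:
        with urllib.request.urlopen(req, context=ctx, timeout=timeout) as resp:
            return summarize_pods(json.load(resp))
    except urllib.error.HTTPError as e:
        # 401: token missing or expired. 403: the Role or RoleBinding does not
        # cover this request (for example, a different namespace).
        raise PermissionError(f"API server returned HTTP {e.code}") from e


if __name__ == "__main__":  # only meaningful inside the cluster
    for name, phase in list_pods():
        print(f"{name}\t{phase}")
```

A 403 from `list_pods()` for any namespace other than the one named in the RoleBinding is the expected result of the namespaced Role, not a misconfiguration.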
By following these steps, your website should now have the necessary permissions and configuration to access pods within your specified namespace.