Create a new OpenShift service account using a YAML file - unix1998/technical_notes GitHub Wiki

Yes, you can define a new service account and bind roles to it using a YAML file and then apply this configuration using oc apply -f. This method is efficient and allows you to version control your configurations.

Here is an example of how you can create a YAML file to define a new service account and bind roles to it.

Example YAML File (new_service_user.yaml)

apiVersion: v1
kind: ServiceAccount
metadata:
  name: jenkins-deployer
  namespace: my-project
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: jenkins-deployer-binding
  namespace: my-project
subjects:
- kind: ServiceAccount
  name: jenkins-deployer
  namespace: my-project
roleRef:
  kind: ClusterRole
  name: edit
  apiGroup: rbac.authorization.k8s.io

Steps to Apply the Configuration

  1. Create the YAML File: Save the above content into a file named new_service_user.yaml.

  2. Apply the YAML Configuration: Run the following command to create the service account and role binding.

    oc apply -f new_service_user.yaml
    

Breakdown of the YAML File

  1. ServiceAccount: This section defines a new service account named jenkins-deployer in the my-project namespace.

    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: jenkins-deployer
      namespace: my-project
    
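  2. RoleBinding: This section binds the edit ClusterRole to the jenkins-deployer service account. Because the binding is a RoleBinding rather than a ClusterRoleBinding, the permissions apply only within the my-project namespace.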

    apiVersion: rbac.authorization.k8s.io/v1
    kind: RoleBinding
    metadata:
      name: jenkins-deployer-binding
      namespace: my-project
    subjects:
    - kind: ServiceAccount
      name: jenkins-deployer
      namespace: my-project
    roleRef:
      kind: ClusterRole
      name: edit
      apiGroup: rbac.authorization.k8s.io
    

Additional Notes

  • Namespace: Ensure the namespace fields are correctly set to the namespace where you want the service account and role binding to be created.
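  • ClusterRole: The roleRef section specifies the edit ClusterRole, which allows read/write access to most objects in the namespace, including Secrets. Adjust this if you need a different role, for example a narrower one when the pipeline needs less access.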
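
A narrower alternative to binding edit, shown as an added example that is not part of the original notes. It assumes the Jenkins job only rolls out Deployments, manages Services and ConfigMaps, and reads pod status and logs; the Role name jenkins-deploy-minimal and the binding name jenkins-deployer-minimal-binding are hypothetical.

```yaml
# Added example. Assumption: the pipeline only needs the resources listed
# under "rules"; adjust resources and verbs to what your job actually does.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: jenkins-deployer
  namespace: my-project
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: jenkins-deploy-minimal        # hypothetical name
  namespace: my-project
rules:
# Roll out and update Deployments.
- apiGroups: ["apps"]
  resources: ["deployments"]
  verbs: ["get", "list", "watch", "create", "update", "patch"]
# Manage the objects the deployment depends on.
- apiGroups: [""]
  resources: ["services", "configmaps"]
  verbs: ["get", "list", "create", "update", "patch"]
# Read-only access to pods and their logs for rollout checks.
- apiGroups: [""]
  resources: ["pods", "pods/log"]
  verbs: ["get", "list", "watch"]
# Deliberately no rule for secrets and no delete verbs.
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: jenkins-deployer-minimal-binding   # hypothetical name
  namespace: my-project
subjects:
- kind: ServiceAccount
  name: jenkins-deployer
  namespace: my-project
roleRef:
  kind: Role                           # namespaced Role instead of ClusterRole edit
  name: jenkins-deploy-minimal
  apiGroup: rbac.authorization.k8s.io
```

The roleRef of an existing binding cannot be changed, so this uses a new binding name; delete jenkins-deployer-binding if it was already applied, otherwise the account keeps edit. Afterwards, oc auth can-i get secrets --as=system:serviceaccount:my-project:jenkins-deployer -n my-project should answer no.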

Applying the Configuration

By using oc apply -f new_service_user.yaml, OpenShift will create the service account and bind the specified role to it. You can then retrieve the service account token and configure Jenkins with it as described previously.

This method keeps the service account and its role binding together in one file, so both are created with a single command and can be tracked in version control.