Can I connect one service account to multiple namespaces in Kubernetes?
You can simply reference a ServiceAccount from another namespace in the RoleBinding:
```yaml
# rbac.authorization.k8s.io/v1beta1 was removed in Kubernetes 1.22; use v1.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pod-reader
  namespace: ns2   # the namespace whose pods become readable
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: pod-reader-from-ns1
  namespace: ns2   # must match the Role's namespace
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: pod-reader
subjects:
- kind: ServiceAccount
  name: ns1-service-account
  namespace: ns1   # the ServiceAccount lives in a different namespace
```
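An audit sketch for the kind of binding shown in the answer, added here and not part of the original post: it lists every ServiceAccount subject that a RoleBinding grants access outside its own namespace, and resolves the Role's rules where possible. The input is a constructed sample shaped like the items of `kubectl get roles,rolebindings -A -o json`; `local-binding`, `admin-from-ns1`, `sa2` and the function name are assumptions made for the illustration.

```python
import json

# Constructed sample, shaped like the "items" of
# `kubectl get roles,rolebindings -A -o json`; first two objects follow the answer.
SAMPLE = json.loads("""
{"items": [
 {"kind": "Role", "metadata": {"name": "pod-reader", "namespace": "ns2"},
  "rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list", "watch"]}]},
 {"kind": "RoleBinding", "metadata": {"name": "pod-reader-from-ns1", "namespace": "ns2"},
  "roleRef": {"apiGroup": "rbac.authorization.k8s.io", "kind": "Role", "name": "pod-reader"},
  "subjects": [{"kind": "ServiceAccount", "name": "ns1-service-account", "namespace": "ns1"}]},
 {"kind": "RoleBinding", "metadata": {"name": "local-binding", "namespace": "ns2"},
  "roleRef": {"apiGroup": "rbac.authorization.k8s.io", "kind": "Role", "name": "pod-reader"},
  "subjects": [{"kind": "ServiceAccount", "name": "sa2", "namespace": "ns2"}]},
 {"kind": "RoleBinding", "metadata": {"name": "admin-from-ns1", "namespace": "ns2"},
  "roleRef": {"apiGroup": "rbac.authorization.k8s.io", "kind": "ClusterRole", "name": "admin"},
  "subjects": [{"kind": "ServiceAccount", "name": "ns1-service-account", "namespace": "ns1"}]}
]}
""")

def cross_namespace_grants(items):
    """Return one record per ServiceAccount subject bound outside its own namespace."""
    # Index namespaced Roles so a binding can be resolved to concrete rules.
    roles = {(i["metadata"]["namespace"], i["metadata"]["name"]): i.get("rules", [])
             for i in items if i["kind"] == "Role"}
    findings = []
    for rb in (i for i in items if i["kind"] == "RoleBinding"):
        target_ns = rb["metadata"]["namespace"]
        ref = rb["roleRef"]
        # A RoleBinding references a Role in its own namespace or a ClusterRole;
        # ClusterRole rules are not in this listing, so they stay unresolved (None).
        rules = roles.get((target_ns, ref["name"])) if ref["kind"] == "Role" else None
        for s in rb.get("subjects") or []:
            if s["kind"] != "ServiceAccount" or s["namespace"] == target_ns:
                continue
            findings.append({
                "subject": f"system:serviceaccount:{s['namespace']}:{s['name']}",
                "granted_in": target_ns,
                "binding": rb["metadata"]["name"],
                "role": f"{ref['kind']}/{ref['name']}",
                "rules": rules,
                "beyond_read": None if rules is None else any(
                    v not in ("get", "list", "watch") for r in rules for v in r["verbs"]),
            })
    return findings

if __name__ == "__main__":
    for f in cross_namespace_grants(SAMPLE["items"]):
        print(f["subject"], "->", f["granted_in"], f["role"], "beyond read:", f["beyond_read"])
```

Bindings that resolve to a ClusterRole are reported with `rules` and `beyond_read` set to `None`, so they need a separate look at the ClusterRole itself.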
rahul
Updated on March 24, 2020

Comments
rahul over 4 years
I have a couple of namespaces - assume `NS1` and `NS2`. I have serviceaccounts created in those - `sa1` in `NS1` and `sa2` in `NS2`. I have created roles and rolebindings for `sa1` to do stuff within `NS1` and `sa2` within `NS2`. What I want is to give `sa1` certain access within `NS2` (say only Pod Reader role). I am wondering if that's possible or not?