Can I connect one service account to multiple namespaces in Kubernetes?


You can simply reference a ServiceAccount from another namespace in the RoleBinding:

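# Role in ns2 that allows read-only access to pods.
# rbac.authorization.k8s.io/v1beta1 is no longer served as of Kubernetes 1.22; use v1.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pod-reader
  namespace: ns2
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["get", "list", "watch"]
---
# RoleBinding in ns2: the grant applies only inside the binding's own namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: pod-reader-from-ns1
  namespace: ns2
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: pod-reader
subjects:
# The subject's namespace says where the ServiceAccount lives (ns1), not where it gains access.
- kind: ServiceAccount
  name: ns1-service-account
  namespace: ns1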
Author by

rahul


Updated on March 24, 2020
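
An audit check for the pattern in the answer above, as an added example that is not part of the original post: it lists every RoleBinding whose ServiceAccount subject lives in a different namespace than the binding, so cross-namespace grants can be reviewed. The function name and the sample objects are assumptions; the sample is constructed in the shape of `kubectl get roles,rolebindings -A -o json` output.

```python
import json

# Constructed sample shaped like `kubectl get roles,rolebindings -A -o json`:
# the Role and RoleBinding from the answer plus a same-namespace binding.
SAMPLE = json.loads("""
{"kind": "List", "items": [
 {"kind": "Role", "metadata": {"name": "pod-reader", "namespace": "ns2"},
  "rules": [{"apiGroups": [""], "resources": ["pods"],
             "verbs": ["get", "list", "watch"]}]},
 {"kind": "RoleBinding",
  "metadata": {"name": "pod-reader-from-ns1", "namespace": "ns2"},
  "roleRef": {"apiGroup": "rbac.authorization.k8s.io", "kind": "Role",
              "name": "pod-reader"},
  "subjects": [{"kind": "ServiceAccount", "name": "ns1-service-account",
                "namespace": "ns1"}]},
 {"kind": "RoleBinding",
  "metadata": {"name": "local-reader", "namespace": "ns2"},
  "roleRef": {"apiGroup": "rbac.authorization.k8s.io", "kind": "Role",
              "name": "pod-reader"},
  "subjects": [{"kind": "ServiceAccount", "name": "sa2", "namespace": "ns2"}]}
]}
""")


def cross_namespace_grants(listing):
    """Return one finding per ServiceAccount bound outside its own namespace."""
    items = listing.get("items", [])
    # Index Roles by (namespace, name) so each finding can show what is granted.
    roles = {(i["metadata"]["namespace"], i["metadata"]["name"]): i.get("rules") or []
             for i in items if i.get("kind") == "Role"}
    findings = []
    for rb in (i for i in items if i.get("kind") == "RoleBinding"):
        target_ns = rb["metadata"]["namespace"]
        ref = rb["roleRef"]
        # A RoleBinding may reference a ClusterRole; its rules are not in this listing.
        rules = roles.get((target_ns, ref["name"])) if ref["kind"] == "Role" else None
        for s in rb.get("subjects") or []:
            if s.get("kind") == "ServiceAccount" and s.get("namespace") != target_ns:
                findings.append({
                    "binding": f'{target_ns}/{rb["metadata"]["name"]}',
                    "subject": f'system:serviceaccount:{s.get("namespace")}:{s["name"]}',
                    "role": f'{ref["kind"]}/{ref["name"]}',
                    "rules": rules,  # None means the role was not in the input
                })
    return findings


if __name__ == "__main__":
    for f in cross_namespace_grants(SAMPLE):
        print(json.dumps(f, indent=2))
```
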

Comments

  • rahul over 4 years

    I have a couple of namespaces - assume NS1 and NS2. I have serviceaccounts created in those - sa1 in NS1 and sa2 in NS2. I have created roles and rolebindings for sa1 to do stuff within NS1 and sa2 within NS2. What I want is to give sa1 certain access within NS2 (say only Pod Reader role).

    I am wondering if that's possible or not?