Skip to content

ServiceAccount

Gregory Nickonov edited this page Apr 2, 2019 · 1 revision

Quick start

R.service_account :watcher do
  automount_service_account_token false

  image_pull_secrets 'my-registry-pull-secret', 'other-registry-pull-secret'

  add_secret :passwords
end

Create ServiceAccount, disable mounting SA token automatically, specify image pull secrets to use and allow to consume secret 'passwords'.

ServiceAccount

Kubernetes Documentation

Sunstone property Kubernetes property Type
metadata metadata Kubernetes Object Metadata
automount_service_account_token automountServiceAccountToken Boolean
image_pull_secrets imagePullSecrets Array of LocalObjectReference
secrets secrets Array of ObjectReference

image_pull_secrets

Adds names to the list of image pull secrets:

image_pull_secrets 'image-pull-secret'

Alias image_pull_secret is provided for aesthetic purposes.

add_secret

Creates, initializes and adds a secret to the list of secrets allowed to be used by pods running using this ServiceAccount:

# Add reference to Secret 'passwords'
add_secret :passwords

# Add reference to Secret 'password' from namespace 'default'
add_secret :passwords, :default

# The same, but name and namespace are passed in the path form
add_secret 'default/passwords'
Clone this wiki locally