Credentials

Create ServiceAccount

kubectl create serviceaccount jenkins-sa

Retrieve (decoded) token from secret created for ServiceAccount

kubectl get secret jenkins-sa-token-vnp5k -o jsonpath={.data.token} | base64 -d

Create ~/.kube/config with CA & ServiceAccount Token

~/.kube/config
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: <insert plain text CA>
    server: https://<api endpoint>
  name: <cluster name>
contexts:
- context:
    cluster: <cluster name>
    namespace: default
    user: default
  name: <cluster name>
current-context: <cluster name>
kind: Config
preferences: {}
users:
- name: default
  user:
    as-user-extra: {}
    token: <insert base64 decoded token from service account user>
kubectl config set-credentials sa-user \
        --token=$(kubectl get secret <secret_name> -o jsonpath={.data.token} | base64 -d)

Creating a Cluster Admin Binding

kubectl create clusterrolebinding jenkins-sa-binding \
        --clusterrole=cluster-admin \
        --user="system:serviceaccount:default:jenkins-sa"

Last updated