R12.1-2025Jul03

Set Up Kubernetes API Access

This topic guides you through enabling API access in your Kubernetes cluster by creating a service account with the necessary permissions. You’ll use a YAML configuration to set up a namespace, a service account, a cluster role, a cluster role binding, and a secret to hold the authentication token. After applying the configuration, you’ll verify the setup and retrieve the token that your system uses to authenticate to the Kubernetes API.

Set Up Service Account

To enable API access, create a service account with the required permissions using the following YAML configuration.

This configuration creates these resources in the Kubernetes cluster:

  • Namespace named nb-access.
  • ServiceAccount named api-service-account within the nb-access namespace.
  • ClusterRole with read-only permissions (get, list, watch) on the Kubernetes resources listed in the YAML.
  • ClusterRoleBinding to link the ServiceAccount with the ClusterRole.
  • Secret to store the service account token for authentication.

YAML
    apiVersion: v1
    kind: Namespace
    metadata:
      name: nb-access
    ---
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: api-service-account
      namespace: nb-access
    ---
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRole
    metadata:
      name: api-cluster-role
      # ClusterRole is cluster-scoped, so this namespace is not used
      namespace: nb-access
    rules:
      - apiGroups:
          - ""
          - apps
          - autoscaling
          - batch
          - extensions
          - policy
          - rbac.authorization.k8s.io
          - networking.k8s.io
          - crd.projectcalico.org
        resources:
          - pods
          - componentstatuses
          - configmaps
          - daemonsets
          - deployments
          - events
          - endpoints
          - horizontalpodautoscalers
          - ingresses
          - jobs
          - limitranges
          - namespaces
          - nodes
          - pods
          - persistentvolumes
          - persistentvolumeclaims
          - resourcequotas
          - replicasets
          - replicationcontrollers
          - serviceaccounts
          - services
          - fieldSelector
          - config-view
          - blockaffinities
        # Read-only access: no create, update, patch or delete
        verbs: ["get", "list", "watch"]
    ---
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRoleBinding
    metadata:
      name: api-cluster-role-binding_new
    subjects:
      - namespace: nb-access
        kind: ServiceAccount
        name: api-service-account
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: api-cluster-role
    ---
    apiVersion: v1
    kind: Secret
    type: kubernetes.io/service-account-token
    metadata:
      name: mysecretname
      namespace: nb-access
      annotations:
        kubernetes.io/service-account.name: api-service-account

Apply Configuration

Follow these steps to apply the configuration using the YAML file:

1. Save the provided YAML content as svc.yaml.
2. Apply the configuration with this command:
   Code
   kubectl apply -f svc.yaml

3. Verify the configuration using these commands:
   Code
   kubectl get serviceaccount -n nb-access
   kubectl get secret -n nb-access
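
To confirm that the binding grants only the read access intended, the check below impersonates the service account with kubectl auth can-i. It is an added example, not part of the original guide; the function names and the set of probed actions are assumptions, and the current kubectl context must be allowed to impersonate service accounts.

```shell
#!/bin/sh
# Added example: check that api-service-account is read-only after `kubectl apply`.
# Assumes the current kubectl context may impersonate service accounts.
SA="system:serviceaccount:nb-access:api-service-account"

# can_i VERB RESOURCE: exit 0 if the API server would allow $SA to do it
# in every namespace (the ClusterRoleBinding is cluster-wide).
can_i() {
    kubectl auth can-i "$1" "$2" --as="$SA" --all-namespaces --quiet >/dev/null 2>&1
}

# expect WANT VERB RESOURCE: WANT is "yes" or "no"; counts a failure on mismatch.
expect() {
    if can_i "$2" "$3"; then got=yes; else got=no; fi
    if [ "$got" = "$1" ]; then
        echo "ok    $2 $3 -> $got"
    else
        echo "FAIL  $2 $3 -> $got (expected $1)"
        failures=$((failures + 1))
    fi
}

# audit_sa: returns 0 only if every expectation below holds.
audit_sa() {
    failures=0
    # Granted by api-cluster-role: get/list/watch on the listed resources.
    expect yes get pods
    expect yes list deployments.apps
    expect yes watch nodes
    expect yes list namespaces
    # Not granted: secrets are absent from the role, and it has no write verbs.
    expect no get secrets
    expect no list secrets
    expect no create pods
    expect no delete deployments.apps
    expect no update configmaps
    [ "$failures" -eq 0 ]
}

# Run the audit only when asked, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then audit_sa; fi
```

A FAIL line on a "no" check means some other role binding in the cluster also grants rights to this service account.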

Retrieve Secret Token

Follow these steps to retrieve the API token:

1. Get the secret name:
   Code
   kubectl get secrets -n nb-access

2. Describe the secret to extract the token, using the name returned in step 1 (mysecretname in the YAML above):
   Code
   kubectl -n nb-access describe secret mysecretname

3. Copy the token securely. You’ll use this token in the NetBrain system setup.