Remove command prompts and separate commands from output [Authenticating] (#11851)
* remove command prompts and separate commands from output * tweak commentpull/11868/head
makocchi
Kubernetes Prow Robot
parent
8af53351d1
commit
7fa4ff6310
|
|
@ -217,10 +217,21 @@ Kubernetes API. To manually create a service account, simply use the `kubectl
|
|||
create serviceaccount (NAME)` command. This creates a service account in the
|
||||
current namespace and an associated secret.
|
||||
|
||||
```bash
|
||||
kubectl create serviceaccount jenkins
|
||||
```
|
||||
$ kubectl create serviceaccount jenkins
|
||||
|
||||
```none
|
||||
serviceaccount "jenkins" created
|
||||
$ kubectl get serviceaccounts jenkins -o yaml
|
||||
```
|
||||
|
||||
Check an associated secret:
|
||||
|
||||
```bash
|
||||
kubectl get serviceaccounts jenkins -o yaml
|
||||
```
|
||||
|
||||
```yaml
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
|
|
@ -232,8 +243,11 @@ secrets:
|
|||
The created secret holds the public CA of the API server and a signed JSON Web
|
||||
Token (JWT).
|
||||
|
||||
```bash
|
||||
kubectl get secret jenkins-token-1yvwg -o yaml
|
||||
```
|
||||
$ kubectl get secret jenkins-token-1yvwg -o yaml
|
||||
|
||||
```yaml
|
||||
apiVersion: v1
|
||||
data:
|
||||
ca.crt: (APISERVER'S CA BASE64 ENCODED)
|
||||
|
|
@ -391,7 +405,7 @@ Once your `id_token` expires, `kubectl` will attempt to refresh your `id_token`
|
|||
|
||||
The `kubectl` command lets you pass in a token using the `--token` option. Simply copy and paste the `id_token` into this option:
|
||||
|
||||
```
|
||||
```bash
|
||||
kubectl --token=eyJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJodHRwczovL21sYi50cmVtb2xvLmxhbjo4MDQzL2F1dGgvaWRwL29pZGMiLCJhdWQiOiJrdWJlcm5ldGVzIiwiZXhwIjoxNDc0NTk2NjY5LCJqdGkiOiI2RDUzNXoxUEpFNjJOR3QxaWVyYm9RIiwiaWF0IjoxNDc0NTk2MzY5LCJuYmYiOjE0NzQ1OTYyNDksInN1YiI6Im13aW5kdSIsInVzZXJfcm9sZSI6WyJ1c2VycyIsIm5ldy1uYW1lc3BhY2Utdmlld2VyIl0sImVtYWlsIjoibXdpbmR1QG5vbW9yZWplZGkuY29tIn0.f2As579n9VNoaKzoF-dOQGmXkFKf1FMyNV0-va_B63jn-_n9LGSCca_6IVMP8pO-Zb4KvRqGyTP0r3HkHxYy5c81AnIh8ijarruczl-TK_yF5akjSTHFZD-0gRzlevBDiH8Q79NAr-ky0P4iIXS8lY9Vnjch5MF74Zx0c3alKJHJUnnpjIACByfF2SCaYzbWFMUNat-K1PaUk5-ujMBG7yYnr95xD-63n8CO8teGUAAEMx6zRjzfhnhbzX-ajwZLGwGUBT4WqjMs70-6a7_8gZmLZb2az1cZynkFRj2BaCkVT3A2RrjeEwZEtGXlMqKJ1_I2ulrOVsYx01_yD35-rw get nodes
|
||||
```
|
||||
|
||||
|
|
@ -620,11 +634,21 @@ Impersonate-Extra-scopes: development
|
|||
When using `kubectl` set the `--as` flag to configure the `Impersonate-User`
|
||||
header, set the `--as-group` flag to configure the `Impersonate-Group` header.
|
||||
|
||||
```shell
|
||||
$ kubectl drain mynode
|
||||
Error from server (Forbidden): User "clark" cannot get nodes at the cluster scope. (get nodes mynode)
|
||||
```bash
|
||||
kubectl drain mynode
|
||||
```
|
||||
|
||||
$ kubectl drain mynode --as=superman --as-group=system:masters
|
||||
```none
|
||||
Error from server (Forbidden): User "clark" cannot get nodes at the cluster scope. (get nodes mynode)
|
||||
```
|
||||
|
||||
Set the `--as` and `--as-group` flag:
|
||||
|
||||
```bash
|
||||
kubectl drain mynode --as=superman --as-group=system:masters
|
||||
```
|
||||
|
||||
```none
|
||||
node/mynode cordoned
|
||||
node/mynode drained
|
||||
```
|
||||
|
|
|
|||
Loading…
Reference in New Issue