Remove command prompts and separate commands from output [Authenticating] (#11851)
* remove command prompts and separate commands from output * tweak commentpull/11868/head
parent
8af53351d1
commit
7fa4ff6310
|
@ -217,10 +217,21 @@ Kubernetes API. To manually create a service account, simply use the `kubectl
|
||||||
create serviceaccount (NAME)` command. This creates a service account in the
|
create serviceaccount (NAME)` command. This creates a service account in the
|
||||||
current namespace and an associated secret.
|
current namespace and an associated secret.
|
||||||
|
|
||||||
|
```bash
|
||||||
|
kubectl create serviceaccount jenkins
|
||||||
```
|
```
|
||||||
$ kubectl create serviceaccount jenkins
|
|
||||||
|
```none
|
||||||
serviceaccount "jenkins" created
|
serviceaccount "jenkins" created
|
||||||
$ kubectl get serviceaccounts jenkins -o yaml
|
```
|
||||||
|
|
||||||
|
Check an associated secret:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
kubectl get serviceaccounts jenkins -o yaml
|
||||||
|
```
|
||||||
|
|
||||||
|
```yaml
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: ServiceAccount
|
kind: ServiceAccount
|
||||||
metadata:
|
metadata:
|
||||||
|
@ -232,8 +243,11 @@ secrets:
|
||||||
The created secret holds the public CA of the API server and a signed JSON Web
|
The created secret holds the public CA of the API server and a signed JSON Web
|
||||||
Token (JWT).
|
Token (JWT).
|
||||||
|
|
||||||
|
```bash
|
||||||
|
kubectl get secret jenkins-token-1yvwg -o yaml
|
||||||
```
|
```
|
||||||
$ kubectl get secret jenkins-token-1yvwg -o yaml
|
|
||||||
|
```yaml
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
data:
|
data:
|
||||||
ca.crt: (APISERVER'S CA BASE64 ENCODED)
|
ca.crt: (APISERVER'S CA BASE64 ENCODED)
|
||||||
|
@ -391,7 +405,7 @@ Once your `id_token` expires, `kubectl` will attempt to refresh your `id_token`
|
||||||
|
|
||||||
The `kubectl` command lets you pass in a token using the `--token` option. Simply copy and paste the `id_token` into this option:
|
The `kubectl` command lets you pass in a token using the `--token` option. Simply copy and paste the `id_token` into this option:
|
||||||
|
|
||||||
```
|
```bash
|
||||||
kubectl --token=eyJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJodHRwczovL21sYi50cmVtb2xvLmxhbjo4MDQzL2F1dGgvaWRwL29pZGMiLCJhdWQiOiJrdWJlcm5ldGVzIiwiZXhwIjoxNDc0NTk2NjY5LCJqdGkiOiI2RDUzNXoxUEpFNjJOR3QxaWVyYm9RIiwiaWF0IjoxNDc0NTk2MzY5LCJuYmYiOjE0NzQ1OTYyNDksInN1YiI6Im13aW5kdSIsInVzZXJfcm9sZSI6WyJ1c2VycyIsIm5ldy1uYW1lc3BhY2Utdmlld2VyIl0sImVtYWlsIjoibXdpbmR1QG5vbW9yZWplZGkuY29tIn0.f2As579n9VNoaKzoF-dOQGmXkFKf1FMyNV0-va_B63jn-_n9LGSCca_6IVMP8pO-Zb4KvRqGyTP0r3HkHxYy5c81AnIh8ijarruczl-TK_yF5akjSTHFZD-0gRzlevBDiH8Q79NAr-ky0P4iIXS8lY9Vnjch5MF74Zx0c3alKJHJUnnpjIACByfF2SCaYzbWFMUNat-K1PaUk5-ujMBG7yYnr95xD-63n8CO8teGUAAEMx6zRjzfhnhbzX-ajwZLGwGUBT4WqjMs70-6a7_8gZmLZb2az1cZynkFRj2BaCkVT3A2RrjeEwZEtGXlMqKJ1_I2ulrOVsYx01_yD35-rw get nodes
|
kubectl --token=eyJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJodHRwczovL21sYi50cmVtb2xvLmxhbjo4MDQzL2F1dGgvaWRwL29pZGMiLCJhdWQiOiJrdWJlcm5ldGVzIiwiZXhwIjoxNDc0NTk2NjY5LCJqdGkiOiI2RDUzNXoxUEpFNjJOR3QxaWVyYm9RIiwiaWF0IjoxNDc0NTk2MzY5LCJuYmYiOjE0NzQ1OTYyNDksInN1YiI6Im13aW5kdSIsInVzZXJfcm9sZSI6WyJ1c2VycyIsIm5ldy1uYW1lc3BhY2Utdmlld2VyIl0sImVtYWlsIjoibXdpbmR1QG5vbW9yZWplZGkuY29tIn0.f2As579n9VNoaKzoF-dOQGmXkFKf1FMyNV0-va_B63jn-_n9LGSCca_6IVMP8pO-Zb4KvRqGyTP0r3HkHxYy5c81AnIh8ijarruczl-TK_yF5akjSTHFZD-0gRzlevBDiH8Q79NAr-ky0P4iIXS8lY9Vnjch5MF74Zx0c3alKJHJUnnpjIACByfF2SCaYzbWFMUNat-K1PaUk5-ujMBG7yYnr95xD-63n8CO8teGUAAEMx6zRjzfhnhbzX-ajwZLGwGUBT4WqjMs70-6a7_8gZmLZb2az1cZynkFRj2BaCkVT3A2RrjeEwZEtGXlMqKJ1_I2ulrOVsYx01_yD35-rw get nodes
|
||||||
```
|
```
|
||||||
|
|
||||||
|
@ -620,11 +634,21 @@ Impersonate-Extra-scopes: development
|
||||||
When using `kubectl` set the `--as` flag to configure the `Impersonate-User`
|
When using `kubectl` set the `--as` flag to configure the `Impersonate-User`
|
||||||
header, set the `--as-group` flag to configure the `Impersonate-Group` header.
|
header, set the `--as-group` flag to configure the `Impersonate-Group` header.
|
||||||
|
|
||||||
```shell
|
```bash
|
||||||
$ kubectl drain mynode
|
kubectl drain mynode
|
||||||
Error from server (Forbidden): User "clark" cannot get nodes at the cluster scope. (get nodes mynode)
|
```
|
||||||
|
|
||||||
$ kubectl drain mynode --as=superman --as-group=system:masters
|
```none
|
||||||
|
Error from server (Forbidden): User "clark" cannot get nodes at the cluster scope. (get nodes mynode)
|
||||||
|
```
|
||||||
|
|
||||||
|
Set the `--as` and `--as-group` flag:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
kubectl drain mynode --as=superman --as-group=system:masters
|
||||||
|
```
|
||||||
|
|
||||||
|
```none
|
||||||
node/mynode cordoned
|
node/mynode cordoned
|
||||||
node/mynode drained
|
node/mynode drained
|
||||||
```
|
```
|
||||||
|
|
Loading…
Reference in New Issue