Naresh Khatiwada:
Can any one help me how to create ra service account with restricted access to a secret ? Please
Aibek:
Do you mean a service account that have permissions to fetch only a given secret?
If so, you would have to achieve that using RBAC, like:
apiVersion: <http://rbac.authorization.k8s.io/v1|rbac.authorization.k8s.io/v1>
kind: Role
metadata:
name: secret-reader
rules:
- apiGroups: [""]
resources: ["secrets"]
resourceNames: ["NAME_OF_THE_SECRET"]
verbs: ["get"]
Then create role binding to bind that specific role to the service account