AVI: Difference between revisions
Line 174: | Line 174: | ||
== OpenShift Service Account for Avi Authentication == |
== OpenShift Service Account for Avi Authentication == |
||
Create a Service Account for Avi: |
1. Create a Service Account for Avi: |
||
nano sa.json |
nano sa.json |
||
Line 187: | Line 186: | ||
oc create -f sa.json |
oc create -f sa.json |
||
2. Create a Cluster Role |
|||
nano clusterrolesepod.json |
|||
<pre> |
|||
{ |
|||
"apiVersion": "v1", |
|||
"kind": "ClusterRole", |
|||
"metadata": { |
|||
"name": "avirole" |
|||
}, |
|||
"rules": [ |
|||
{ |
|||
"apiGroups": [ |
|||
"" |
|||
], |
|||
"resources": [ |
|||
"*" |
|||
], |
|||
"verbs": [ |
|||
"get", |
|||
"list", |
|||
"watch" |
|||
] |
|||
}, |
|||
{ |
|||
"apiGroups": [ |
|||
"" |
|||
], |
|||
"resources": [ |
|||
"routes/status" |
|||
], |
|||
"verbs": [ |
|||
"patch", |
|||
"update" |
|||
] |
|||
}, |
|||
{ |
|||
"apiGroups": [ |
|||
"" |
|||
], |
|||
"resources": [ |
|||
"pods", |
|||
"secrets", |
|||
"securitycontextconstraints", |
|||
"serviceaccounts" |
|||
], |
|||
"verbs": [ |
|||
"create", |
|||
"delete", |
|||
"get", |
|||
"list", |
|||
"update", |
|||
"watch" |
|||
] |
|||
}, |
|||
{ |
|||
"apiGroups": [ |
|||
"extensions" |
|||
], |
|||
"resources": [ |
|||
"daemonsets", |
|||
"ingresses" |
|||
], |
|||
"verbs": [ |
|||
"create", |
|||
"delete", |
|||
"get", |
|||
"list", |
|||
"update", |
|||
"watch" |
|||
] |
|||
}, |
|||
{ |
|||
"apiGroups": [ |
|||
"apps" |
|||
], |
|||
"resources": [ |
|||
"*" |
|||
], |
|||
"verbs": [ |
|||
"create", |
|||
"delete", |
|||
"get", |
|||
"list", |
|||
"update", |
|||
"watch" |
|||
] |
|||
} |
|||
] |
|||
} |
|||
</pre> |
|||
3. Add Created Cluster Role to Service Account |
|||
oc adm policy add-cluster-role-to-user avirole system:serviceaccount:default:avi |
|||
4. Extract Token for Use in Avi Cloud Configuration |
|||
oc describe serviceaccount avi |
|||
oc describe secret avi-token-emof0 |
|||
= Using Ansible = |
= Using Ansible = |
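Review bot: The `avirole` ClusterRole added in step 2 grants far more than the page tells the reader. Its first rule gives get/list/watch on `"*"` in the core API group, which includes every Secret in the cluster, and its third rule gives create/delete/update on `secrets`, `serviceaccounts` and `securitycontextconstraints`. Because step 3 binds it cluster-wide to `system:serviceaccount:default:avi`, the token extracted in step 4 is a highly privileged credential, and the page should say so, for example `Note: this token can read all secrets and modify SCCs cluster-wide; store it as a privileged credential and rotate it if it is exposed.` If the controller does not need the wildcard, listing the specific core resources in the first rule would narrow the grant; the page does not show which resources Avi requires, so confirm that against the vendor's documentation. In step 4, `avi-token-emof0` looks like a generated name from one cluster, so the text should tell readers to use the token secret name printed by `oc describe serviceaccount avi`, run in the `default` project.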