AVI: Difference between revisions

2,112 bytes added ,  5 years ago
Line 174:
== OpenShift Service Account for Avi Authentication ==
 
1. Create a Service Account for Avi:
 
nano sa.json
 
Line 187 ⟶ 186:
 
oc create -f sa.json
 
2. Create a Cluster Role
nano clusterrolesepod.json
 
<pre>
{
"apiVersion": "v1",
"kind": "ClusterRole",
"metadata": {
"name": "avirole"
},
"rules": [
{
"apiGroups": [
""
],
"resources": [
"*"
],
"verbs": [
"get",
"list",
"watch"
]
},
{
"apiGroups": [
""
],
"resources": [
"routes/status"
],
"verbs": [
"patch",
"update"
]
},
{
"apiGroups": [
""
],
"resources": [
"pods",
"secrets",
"securitycontextconstraints",
"serviceaccounts"
],
"verbs": [
"create",
"delete",
"get",
"list",
"update",
"watch"
]
},
{
"apiGroups": [
"extensions"
],
"resources": [
"daemonsets",
"ingresses"
],
"verbs": [
"create",
"delete",
"get",
"list",
"update",
"watch"
]
},
{
"apiGroups": [
"apps"
],
"resources": [
"*"
],
"verbs": [
"create",
"delete",
"get",
"list",
"update",
"watch"
]
}
]
}
</pre>
 
3. Add Created Cluster Role to Service Account
oc adm policy add-cluster-role-to-user avirole system:serviceaccount:default:avi
 
4. Extract Token for Use in Avi Cloud Configuration
oc describe serviceaccount avi
oc describe secret avi-token-emof0
 
= Using Ansible =
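Review bot: the first rule of the avirole ClusterRole in step 2 grants "get", "list" and "watch" on resources "*" in the core API group, which includes every secret in every project, and step 3 binds the role cluster-wide with add-cluster-role-to-user. The third rule then adds "create", "delete" and "update" on "secrets", "securitycontextconstraints" and "serviceaccounts", and the last rule repeats the wildcard for the "apps" group with write verbs. Please replace each "*" with the explicit list of resources the Avi controller has to read or manage, and add a sentence to the section saying why the write verbs on secrets, SCCs and service accounts are required, so that readers treat the resulting token as a cluster-wide credential when they store it in the Avi cloud configuration. Separately, in step 4 the secret name in "oc describe secret avi-token-emof0" carries a generated suffix that will differ on other clusters; the text should tell the reader to take the token secret name from the output of "oc describe serviceaccount avi" instead of copying the literal name.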