Live Optics | Kubernetes | Create a service account for a Red Hat OpenShift environment

Prerequisites  

• Download and install the OpenShift CLI (oc). See https://docs.openshift.com/container-platform/4.15/cli_reference/openshift_cli/getting-started-cli.html for more information. 
• Download the attached YAML file (liveoptics-read-api-permissions.yaml) located at the end of this article

NOTE: The screenshots used in the article are, for example, purposes only. Ensure use of the correct login credentials, including IP addresses and port numbers for the environment.
 

1. Open a terminal or command prompt and enter the following command to log in to your target cluster.

   oc login <cluster-url>  (Replace <cluster-url> with the URL of your target cluster).
   

2. Enter your username and password when prompted. 
   
    
    
3. Apply the YAML file attached to this article using the following command:

   oc apply -f liveoptics-read-api.yaml

   
   This creates:
      - A service account (liveoptics-read-api)
      - A token (liveoptics-read-api-token)
      - A role (liveoptics-read-api-access)
      - A role binding (liveoptics-read-api-binding)
   
    
   
   The role created by the YAML file has Get, List, and Watch permissions for the following resources:
   • Apps/replicasets
   • Apps/statefulsets
   • Metrics.k8s.io/*
   • Nodes
   • Nodes/status
   • Persistentvolumes
   • Persistentvolumeclaims
   • Pods
   • Storage.k8s.io/*
   • Snapshot.storage.k8s.io/*
      
4. Use the following command to retrieve the token data created automatically in Step 3. The name of the token appears in the output of Step 3. In this example, the token name is liveoptics-read-api-token.

   oc describe secret <token name>

   
    
    
5. Copy the full token text (with no white spaces) and save it for the next step. 
   
    
    
6. To generate the Kubeconfig file, run the below command. Replace <server name> with your server details, and $TOKEN with the token saved from the previous step. Enter a location for the Kubeconfig file to be saved. In this example, it is /tmp directory. 
    

   oc login --server=<server_name> --token=$TOKEN --kubeconfig=/tmp/serviceaccount-kubeconfig

   
    
7. Browse to your specified location to retrieve the Kubeconfig file. Start the Kubernetes collection using the Live Optics collector. See Complete a Kubernetes collection for more information.