R12.3-2026Apr21

Setup Kubernetes API Access

This topic guides you through enabling API access in your Kubernetes cluster by creating a service account with the necessary permissions. You’ll use a YAML configuration to set up a namespace, a service account, a cluster role, a role binding, and a secret to hold the authentication token. After applying the configuration, you’ll verify the setup and retrieve the token for use in your system, making it easy to connect securely to the Kubernetes API.

Setup Service Account

To enable API access, create a service account with the required permissions using the following YAML configuration.

This configuration creates these resources in the Kubernetes cluster:

  • Namespace named nb-access.
  • ServiceAccount named api-service-account within the nb-access namespace.
  • ClusterRole with permissions to access various Kubernetes resources.
  • ClusterRoleBinding to link the ServiceAccount with the ClusterRole.
  • Secret to store the service account token for authentication.
    • Copy Code
    YAML
    apiVersion: v1
kind: Namespace
metadata:
  name: nb-access
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: api-service-account
  namespace: nb-access
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: api-cluster-role
  namespace: nb-access
rules:
  - apiGroups:
        - ""
        - apps
        - autoscaling
        - batch
        - extensions
        - policy
        - rbac.authorization.k8s.io
        - networking.k8s.io
        - crd.projectcalico.org
    resources:
      - pods
      - componentstatuses
      - configmaps
      - daemonsets
      - deployments
      - events
      - endpoints
      - horizontalpodautoscalers
      - ingresses
      - jobs
      - limitranges
      - namespaces
      - nodes
      - pods
      - persistentvolumes
      - persistentvolumeclaims
      - resourcequotas
      - replicasets
      - replicationcontrollers
      - serviceaccounts
      - services
      - fieldSelector
      - config-view
      - blockaffinities
    verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: api-cluster-role-binding_new
subjects:
- namespace: nb-access
  kind: ServiceAccount
  name: api-service-account
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: api-cluster-role
---
apiVersion: v1
kind: Secret
type: kubernetes.io/service-account-token
metadata:
  name: mysecretname
  namespace: nb-access
  annotations:
    kubernetes.io/service-account.name: api-service-account

    Apply Configuration

    Follow these steps to apply the configuration using the YAML file:

    1. Save the provided YAML content as svc.yaml.
    2. Apply the configuration with this command:
      Copy Code
      Code
      kubectl apply -f svc.yaml



    3. Verify the configuration using these commands:
      Copy Code
      Code
      kubectl get serviceaccount -n nb-access
kubectl get secret -n nb-access

    Retrieve Secret Token

    Follow these steps to retrieve the API token:

    1. Get the secret name:
      Copy Code
      Code
      kubectl get secrets -n nb-access

    2. Describe the secret to extract the token:
      Copy Code
      Code
      kubectl -n nb-access describe secret api-secret-token

    3. Copy the token securely. You’ll use this token in the NetBrain system setup.
    Discover Kubernetes Discover Kubernetes Cluster