Set up an external client¶
Many times you need to access a service from outside the cluster. For example, you may want to access Rok, which is running in a cluster, from your laptop.
To do this, you need to:
- Create an identity: We are using Kubernetes
ServiceAccountsfor this. We will create a new
ServiceAccountand use its token for the external client.
ServiceAccountsare essentially device or machine identities.
- Authorize the identity: We are creating
RoleBindingsto grant permissions to the
Step 1: Create an identity¶
Connect to a Notebook Server
this helper script:
$ wget <download_root>/sa-create.py
Run it to create a new ServiceAccount and retrieve a long-lived token for it:
$ python3 sa-create.py
The script has stored the token in a file. You need to move this file to the device which will use it. For example, download it to your laptop.