
How do I link ServiceAccounts to Persistent Volume Claims for access control?

In this guide, we will demonstrate how to link Kubernetes ServiceAccounts to Persistent Volume Claims (PVCs) for access control using Pulumi. This involves creating a ServiceAccount, a PersistentVolume, a PersistentVolumeClaim, and configuring access control between them.

Key Points:

  • Create a Kubernetes ServiceAccount.
  • Define a PersistentVolume.
  • Create a PersistentVolumeClaim.
  • Link the ServiceAccount to the PVC for access control.

import * as pulumi from "@pulumi/pulumi";
import * as k8s from "@pulumi/kubernetes";

// Create a Kubernetes namespace
const namespace = new k8s.core.v1.Namespace("example-namespace", {
    metadata: { name: "example-namespace" },
});

// Create a ServiceAccount
const serviceAccount = new k8s.core.v1.ServiceAccount("example-sa", {
    metadata: {
        namespace: namespace.metadata.name,
    },
});

// Define a PersistentVolume
const persistentVolume = new k8s.core.v1.PersistentVolume("example-pv", {
    metadata: { name: "example-pv" },
    spec: {
        capacity: {
            storage: "1Gi",
        },
        accessModes: ["ReadWriteOnce"],
        persistentVolumeReclaimPolicy: "Retain",
        hostPath: {
            path: "/mnt/data",
        },
    },
});

// Create a PersistentVolumeClaim
const persistentVolumeClaim = new k8s.core.v1.PersistentVolumeClaim("example-pvc", {
    metadata: {
        namespace: namespace.metadata.name,
        name: "example-pvc",
    },
    spec: {
        accessModes: ["ReadWriteOnce"],
        resources: {
            requests: {
                storage: "1Gi",
            },
        },
        volumeName: persistentVolume.metadata.name,
    },
});

// Export the namespace, service account, and PVC names
export const nsName = namespace.metadata.name;
export const saName = serviceAccount.metadata.name;
export const pvcName = persistentVolumeClaim.metadata.name;

Summary

In this example, we created a Kubernetes namespace, a ServiceAccount, a PersistentVolume, and a PersistentVolumeClaim that is bound to that volume through volumeName. The ServiceAccount and the PVC share a namespace, but the program does not create a Role or RoleBinding, so the link between them for access control still has to be added with RBAC objects that name the ServiceAccount and the PVC.
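
The linking step from the key points can be expressed as RBAC: a Role restricted to the one PVC by resourceNames, and a RoleBinding naming the ServiceAccount. The following is an added example, not part of the original answer or Pulumi's own code; the helper names, the verb list and the simplified isAllowed evaluator are assumptions, and the returned objects have the shape accepted by k8s.rbac.v1.Role and k8s.rbac.v1.RoleBinding.

```typescript
// Added example. Names mirror the page's program; helpers are hypothetical.
type Rule = { apiGroups: string[]; resources: string[]; verbs: string[]; resourceNames?: string[] };
type Subject = { kind: string; name: string; namespace: string };

// Role limited to one named PVC. "create" cannot be restricted by resourceNames,
// so only verbs that address an existing object by name are granted (assumed list).
function pvcRole(ns: string, pvc: string) {
    const rules: Rule[] = [{
        apiGroups: [""],
        resources: ["persistentvolumeclaims"],
        resourceNames: [pvc],
        verbs: ["get", "update", "patch"],
    }];
    return { metadata: { name: pvc + "-access", namespace: ns }, rules };
}

// RoleBinding that grants the Role to exactly one ServiceAccount in the same namespace.
function pvcRoleBinding(ns: string, sa: string, roleName: string) {
    const subjects: Subject[] = [{ kind: "ServiceAccount", name: sa, namespace: ns }];
    return {
        metadata: { name: roleName + "-binding", namespace: ns },
        subjects,
        roleRef: { apiGroup: "rbac.authorization.k8s.io", kind: "Role", name: roleName },
    };
}

// Simplified model of the RBAC decision for this one Role/RoleBinding pair
// (no wildcards, no ClusterRoles): is `who` allowed `verb` on resource/name in `ns`?
function isAllowed(role: ReturnType<typeof pvcRole>, binding: ReturnType<typeof pvcRoleBinding>,
                   who: Subject, verb: string, resource: string, name: string, ns: string): boolean {
    if (ns !== role.metadata.namespace || binding.roleRef.name !== role.metadata.name) return false;
    const bound = binding.subjects.some(s =>
        s.kind === who.kind && s.name === who.name && s.namespace === who.namespace);
    return bound && role.rules.some(r =>
        r.resources.indexOf(resource) >= 0 && r.verbs.indexOf(verb) >= 0 &&
        (!r.resourceNames || r.resourceNames.indexOf(name) >= 0));
}

// Constructed sample: "example-sa" is assumed; the page's ServiceAccount is auto-named,
// so a Pulumi program would pass serviceAccount.metadata.name instead.
const role = pvcRole("example-namespace", "example-pvc");
const binding = pvcRoleBinding("example-namespace", "example-sa", role.metadata.name);
const sa: Subject = { kind: "ServiceAccount", name: "example-sa", namespace: "example-namespace" };
const other: Subject = { kind: "ServiceAccount", name: "default", namespace: "example-namespace" };
console.log(isAllowed(role, binding, sa, "get", "persistentvolumeclaims", "example-pvc", "example-namespace"));
console.log(isAllowed(role, binding, other, "get", "persistentvolumeclaims", "example-pvc", "example-namespace"));
```

RBAC of this kind governs API requests against the PVC object. Mounting is decided by the pod spec, so any pod created in example-namespace can reference example-pvc regardless of its ServiceAccount.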
