I have a program which can fire kubectl commands to fetch all the namespaces and then loop through each namespace to restart the deployments present in that namespace. This program is on my machine and I want to deploy it to the AKS Cluster and schedule this operation once a day.
To achieve this, I am trying to first create a simple pod which can fire kubectl commands. I have already followed these two answers from Stack Overflow, but they are not enough or my understanding is not enough.
- First Post - Allow Kubernetes user list/get namespaces
- Second Post - Is there a kubernetes role definition to allow the command `kubectl rollout restart deploy <deployment>`?
So this is my YAML, which creates everything in the default namespace:
```yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: restart-sa
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  namespace: default
  name: restarter
rules:
  - apiGroups: [""]
    resources:
      - namespaces
    verbs:
      - get
      - list
  - apiGroups: [""]
    resources:
      - deployments
    verbs:
      - get
      - watch
      - list
      - patch
  - apiGroups: [""]
    resources:
      - pods
    verbs:
      - get
      - list
      - delete
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: testrolebinding
  namespace: default
subjects:
  - kind: ServiceAccount
    name: restart-sa
    namespace: default
roleRef:
  kind: Role
  name: restarter
  apiGroup: rbac.authorization.k8s.io
---
apiVersion: v1
kind: Pod
metadata:
  name: example
spec:
  containers:
    - image: nginx
      name: nginx
  serviceAccountName: restart-sa
```
After the pod is created, I go into the shell of the pod to install the kubectl CLI using the following commands:
```bash
apt update
apt install -y curl
curl -LO https://storage.googleapis.com/kubernetes-release/release/`curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt`/bin/linux/amd64/kubectl
chmod +x ./kubectl
mv ./kubectl /usr/local/bin/kubectl
```
After kubectl is successfully installed, I am firing the commands with no success; attaching a screenshot of the commands and their outputs.
As you can see, only `get pods` worked, and that too for the same namespace. How can I use kubectl from the container like an admin uses it from his machine?
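
The following is an added example, not part of the original post: a simplified offline model of how RBAC matches the requests behind the kubectl commands in the question against the `restarter` Role. The `RESTART_RULES` set, the `allows` helper and the namespace name `other-ns` are assumptions made for illustration.

```python
# Added example: a simplified model of how RBAC matches a request against the
# rules in the question. It is not Kubernetes code and ignores resourceNames,
# subresources and aggregated roles.

# API group of each resource used here ("" is the core group).
API_GROUP = {"pods": "", "namespaces": "", "deployments": "apps"}

# Rules copied from the "restarter" Role in the question.
QUESTION_RULES = [
    {"apiGroups": [""], "resources": ["namespaces"], "verbs": ["get", "list"]},
    {"apiGroups": [""], "resources": ["deployments"],
     "verbs": ["get", "watch", "list", "patch"]},
    {"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list", "delete"]},
]

# Hypothetical narrower rule set for a restart job: the "apps" group for
# deployments, and no pod permissions.
RESTART_RULES = [
    {"apiGroups": [""], "resources": ["namespaces"], "verbs": ["list"]},
    {"apiGroups": ["apps"], "resources": ["deployments"],
     "verbs": ["get", "list", "patch"]},
]


def allows(rules, binding_namespace, verb, resource, namespace):
    """Return (allowed, reason) for one request.

    binding_namespace is the RoleBinding's namespace, or None to model a
    ClusterRoleBinding. namespace is the request's namespace, or None for a
    cluster-wide request such as `kubectl get namespaces`.
    """
    if binding_namespace is not None and namespace != binding_namespace:
        return False, "RoleBinding only covers namespace %r" % binding_namespace
    group = API_GROUP[resource]
    for rule in rules:
        if (group in rule["apiGroups"] and resource in rule["resources"]
                and verb in rule["verbs"]):
            return True, "matched rule"
    return False, "no rule grants %s on %s in API group %r" % (verb, resource, group)


if __name__ == "__main__":
    # Requests behind the kubectl commands in the question ("other-ns" is constructed).
    requests = [("list", "pods", "default"), ("list", "pods", "other-ns"),
                ("list", "namespaces", None), ("patch", "deployments", "default")]
    for req in requests:
        print(req, "question:", allows(QUESTION_RULES, "default", *req),
              "| narrowed:", allows(RESTART_RULES, None, *req))
```

On a live cluster the same questions can be put to the API server with `kubectl auth can-i`, for example `kubectl auth can-i patch deployments.apps --as=system:serviceaccount:default:restart-sa -n default`.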