This knowledge base article explains how to create and configure a Kubernetes Service Account with cluster-level permissions for integrating a Google Kubernetes Engine (GKE) cluster with SWIFT.
SWIFT requires authenticated access to the Kubernetes API server to perform cluster discovery, workload management, and migration-related operations. This access is established using a Kubernetes Service Account token.
Prerequisites:
1. An active and accessible GKE cluster
2. Cluster version compatible with SWIFT requirements
3. Network connectivity between SWIFT and the GKE API server
kubectl apply -f - <<EOF
apiVersion: v1
kind: ServiceAccount
metadata:
  name: swift-service-account-auto
  namespace: kube-system
EOF
kubectl apply -f - <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: swift-service-account-auto
  namespace: kube-system
  annotations:
    kubernetes.io/service-account.name: swift-service-account-auto
type: kubernetes.io/service-account-token
EOF
kubectl apply -f - <<EOF
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: swift-admin-auto
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: swift-service-account-auto
  namespace: kube-system
EOF
kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | awk '/swift-service-account-auto /{print $1}') | awk '$1=="token:"{print $2}'
After executing the above commands, a Kubernetes Service Account token is generated for the swift-service-account-auto Service Account in the kube-system namespace.
This token is a bearer token used for authenticating API requests to the Kubernetes control plane.
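Because the binding above grants cluster-admin, it is worth confirming locally which identity the token names before pasting it into SWIFT. The script below is an added example, not part of the original article or of SWIFT's tooling; the function names are hypothetical and the sample token is constructed with a fake signature so the script runs offline.

```bash
#!/usr/bin/env bash
# Decoding only: the token's signature is NOT verified here.

# Print the JSON payload (second dot-separated segment) of a JWT.
jwt_payload() {
  local seg
  seg=$(printf '%s' "$1" | cut -d. -f2 | tr '_-' '/+')
  # base64url omits '=' padding; restore it so base64 -d accepts the input.
  case $(( ${#seg} % 4 )) in
    2) seg="${seg}==" ;;
    3) seg="${seg}=" ;;
  esac
  printf '%s' "$seg" | base64 -d
}

# Print the string value of one top-level claim, e.g. "sub".
jwt_claim() {
  jwt_payload "$1" | tr -d '\n' | sed -n "s|.*\"$2\" *: *\"\([^\"]*\)\".*|\1|p"
}

# Return 0 only if the token's subject is the expected service account.
# Prints "non-expiring" when the payload has no "exp" claim (Secret-based tokens).
check_sa_token() {
  local token="$1" ns="$2" sa="$3" sub
  sub=$(jwt_claim "$token" sub)
  if [ "$sub" != "system:serviceaccount:${ns}:${sa}" ]; then
    echo "unexpected subject: ${sub:-<none>}" >&2
    return 1
  fi
  if jwt_payload "$token" | grep -q '"exp"'; then
    echo "expiring"
  else
    echo "non-expiring"
  fi
}

# Constructed sample token (fake signature), shaped like a Secret-based token.
b64url() { base64 | tr -d '=\n' | tr '/+' '_-'; }
sample_token() {
  local hdr='{"alg":"RS256","kid":"constructed"}'
  local pl='{"iss":"kubernetes/serviceaccount","sub":"system:serviceaccount:kube-system:swift-service-account-auto"}'
  printf '%s.%s.%s' "$(printf '%s' "$hdr" | b64url)" \
    "$(printf '%s' "$pl" | b64url)" "constructed-signature"
}

check_sa_token "$(sample_token)" kube-system swift-service-account-auto
```

To check a real token, pass the output of the token command above as the first argument. A "non-expiring" result means the token stays valid until its Secret or the Service Account is deleted, so it should be stored and rotated like any long-lived credential.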