Q5
①以下の条件でserviceaccountを作成する
　名前空間：ckad ※ない場合作成する
　名前：testsa
②以下の条件でdeploymentを作成する
　名前空間：ckad
　名前：test-deployment
　使用するイメージ：nginx
　作成するレプリカ数：2
③作成したserviceaccountをdeploymentに付与する

A5
①serviceaccountの作成

kubeuser@master01:~$ kubectl create ns ckad

namespace/ckad created
kubeuser@master01:~$ kubectl get ns
NAME                   STATUS   AGE
blue                   Active   283d
cadvisor               Active   239d
ckad                   Active   4s
default                Active   299d
ingress-nginx          Active   297d
istio-system           Active   74d
kube-node-lease        Active   299d
kube-public            Active   299d
kube-system            Active   299d
kubernetes-dashboard   Active   286d
metallb-system         Active   298d
orange                 Active   283d

kubeuser@master01:~$ kubectl create sa testsa -n ckad
serviceaccount/testsa created

kubeuser@master01:~$ kubectl get sa -n ckad
NAME      SECRETS   AGE
default   0         69s
testsa    0         6s

②deploymentの作成

kubeuser@master01:~$ kubectl create deployment test-deployment --image=nginx --replicas=2 -n ckad --dry-run=client -o yaml > q5_deployment.yaml

kubeuser@master01:~$ cat q5_deployment.yaml 
apiVersion: apps/v1
kind: Deployment
metadata:
  creationTimestamp: null
  labels:
    app: test-deployment
  name: test-deployment
  namespace: ckad
spec:
  replicas: 2
  selector:
    matchLabels:
      app: test-deployment
  strategy: {}
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: test-deployment
    spec:
      containers:
      - image: nginx
        name: nginx
        resources: {}
status: {}```
<br>

kubeuser@master01:~$ vi q5_deployment.yaml

kubeuser@master01:~$ cat q5_deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: labels: app: test-deployment name: test-deployment namespace: ckad spec: replicas: 2 selector: matchLabels: app: test-deployment strategy: {} template: metadata: labels: app: test-deployment spec: containers: - image: nginx name: nginx

<br>

kubeuser@master01:~$ kubectl apply -f q5_deployment.yaml deployment.apps/test-deployment created

kubeuser@master01:~$ kubectl get deployment,pods -n ckad NAME READY UP-TO-DATE AVAILABLE AGE deployment.apps/test-deployment 2/2 2 2 2m29s

NAME READY STATUS RESTARTS AGE pod/test-deployment-6b7d86cbf5-6d66w 1/1 Running 0 2m27s pod/test-deployment-6b7d86cbf5-hchv4 1/1 Running 0 2m27s

<br>
③deploymentにserviceaccountを付与  

kubeuser@master01:~$ kubectl set sa deployment test-deployment testsa -n ckad deployment.apps/test-deployment serviceaccount updated

<br>

kubeuser@master01:~$ kubectl get deployments.apps test-deployment -n ckad NAME READY UP-TO-DATE AVAILABLE AGE test-deployment 2/2 2 2 5m5s kubeuser@master01:~$ kubectl describe deployments.apps test-deployment -n ckad Name: test-deployment Namespace: ckad CreationTimestamp: Mon, 08 Jan 2024 07:54:16 +0000 Labels: app=test-deployment Annotations: deployment.kubernetes.io/revision: 2 Selector: app=test-deployment Replicas: 2 desired | 2 updated | 2 total | 2 available | 0 unavailable StrategyType: RollingUpdate MinReadySeconds: 0 RollingUpdateStrategy: 25% max unavailable, 25% max surge Pod Template: Labels: app=test-deployment Service Account: testsa Containers: nginx: Image: nginx Port: Host Port: Environment: Mounts: Volumes: Conditions: Type Status Reason

---

Available True MinimumReplicasAvailable Progressing True NewReplicaSetAvailable OldReplicaSets: test-deployment-6b7d86cbf5 (0/0 replicas created) NewReplicaSet: test-deployment-b879c9d79 (2/2 replicas created) Events: Type Reason Age From Message

---

Normal ScalingReplicaSet 5m14s deployment-controller Scaled up replica set test-deployment-6b7d86cbf5 to 2 Normal ScalingReplicaSet 56s deployment-controller Scaled up replica set test-deployment-b879c9d79 to 1 Normal ScalingReplicaSet 48s deployment-controller Scaled down replica set test-deployment-6b7d86cbf5 to 1 from 2 Normal ScalingReplicaSet 48s deployment-controller Scaled up replica set test-deployment-b879c9d79 to 2 from 1 Normal ScalingReplicaSet 32s deployment-controller Scaled down replica set test-deployment-6b7d86cbf5 to 0 from 1

kubeuser@master01:~$ kubectl get deployments.apps test-deployment -n ckad -o yaml apiVersion: apps/v1 kind: Deployment metadata: annotations: deployment.kubernetes.io/revision: "2" kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"apps/v1","kind":"Deployment","metadata":{"annotations":{},"labels":{"app":"test-deployment"},"name":"test-deployment","namespace":"ckad"},"spec":{"replicas":2,"selector":{"matchLabels":{"app":"test-deployment"}},"strategy":{},"template":{"metadata":{"labels":{"app":"test-deployment"}},"spec":{"containers":[{"image":"nginx","name":"nginx"}]}}}} creationTimestamp: "2024-01-08T07:54:16Z" generation: 2 labels: app: test-deployment name: test-deployment namespace: ckad resourceVersion: "45790371" uid: e4e47e3d-3f6e-44da-b485-2cd1682c09c2 spec: progressDeadlineSeconds: 600 replicas: 2 revisionHistoryLimit: 10 selector: matchLabels: app: test-deployment strategy: rollingUpdate: maxSurge: 25% maxUnavailable: 25% type: RollingUpdate template: metadata: creationTimestamp: null labels: app: test-deployment spec: containers: - image: nginx imagePullPolicy: Always name: nginx resources: {} terminationMessagePath: /dev/termination-log terminationMessagePolicy: File dnsPolicy: ClusterFirst restartPolicy: Always schedulerName: default-scheduler securityContext: {} serviceAccount: testsa serviceAccountName: testsa terminationGracePeriodSeconds: 30 status: availableReplicas: 2 conditions: - lastTransitionTime: "2024-01-08T07:55:34Z" lastUpdateTime: "2024-01-08T07:55:34Z" message: Deployment has minimum availability. reason: MinimumReplicasAvailable status: "True" type: Available - lastTransitionTime: "2024-01-08T07:54:17Z" lastUpdateTime: "2024-01-08T07:59:00Z" message: ReplicaSet "test-deployment-b879c9d79" has successfully progressed. reason: NewReplicaSetAvailable status: "True" type: Progressing observedGeneration: 2 readyReplicas: 2 replicas: 2 updatedReplicas: 2

<br><u><span style="font-size: 150%"><span style="color: #0000cc">
おまけ：削除</span></span></u>  

kubeuser@master01:~$ kubectl delete deployment test-deployment -n ckad deployment.apps "test-deployment" deleted

kubeuser@master01:~$ kubectl delete sa testsa -n ckad serviceaccount "testsa" deleted

kubeuser@master01:~$ kubectl delete ns ckad namespace "ckad" deleted

<br><u><span style="font-size: 150%"><span style="color: #0000cc">
本家参照サイト</span></span></u>  
Service Accounts  
[https://kubernetes.io/docs/concepts/security/service-accounts/](https://kubernetes.io/docs/concepts/security/service-accounts/)  
Configure Service Accounts for Pods
[https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/](https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/)