Add service account example with API lookup

Add service account example with API lookup

Author: ianmiell

.github/workflows/test.yml

@@ -27,6 +27,7 @@ jobs:
           sleep 5
           type kubectl
           kubectl version || true | tee apply.txt
+          ls ~/.*
           kubectl create sa default 2>/dev/null || true
           kubectl get sa -A
 

ServiceAccount/service-account-pod.yaml

@@ -0,0 +1,41 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: role-pod-read
+  namespace: default
+rules:
+  - apiGroups: [""]
+    resources: ["pods"]
+    verbs: ["get", "watch", "list"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: service-account-rolebinding
+  namespace: default
+subjects:
+- kind: ServiceAccount
+  name: service-account-pod-read
+roleRef:
+  kind: Role
+  name: role-pod-read
+  apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: service-account-pod-read
+  namespace: default
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  name: service-account-pod
+  namespace: default
+spec:
+  containers:
+    - command: ["/bin/bash","-c","apt update -y -qq && apt install -qq -y curl && curl -s https://kubernetes:443/api/v1/namespaces/default/pods --header \"Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)\" --insecure && sleep 3600"]
+      image: ubuntu
+      name: pods-simple-container
+  serviceAccount: service-account-pod-read