Unleashing Kubernetes: The Power of Service Accounts


Mesrar

Posted on February 1, 2024


In Kubernetes, Service Accounts play a pivotal role in governing permissions and authentication for applications running within pods. Let's dive into key commands and concepts related to Service Accounts.

Service Account Operations

Create a Service Account
Create a new Service Account:

kubectl create sa <sa-name>


View Service Accounts
List all Service Accounts in the current namespace:

kubectl get sa

Describe a Service Account
Get detailed information about a specific Service Account:

kubectl describe sa <sa-name>


Fetch Token from Service Account
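Retrieve the token associated with a Service Account. This works when the Service Account has a token Secret attached; since Kubernetes 1.24 one is no longer created automatically, so the first command may list no secret: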


kubectl describe sa <sa-name>  # provides the associated secret name
kubectl describe secret <secret-name>  # fetches the token stored in the secret

Create a Pod with a Service Account
Run a pod using a specific Service Account:


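# Newer kubectl releases no longer accept --serviceaccount on "kubectl run"; set the field with --overrides instead
kubectl run nginx --image=nginx --overrides='{"spec":{"serviceAccountName":"myuser"}}' --dry-run=client -o yaml > pod.yaml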
kubectl apply -f pod.yaml

When a Service Account is used inside a pod, the secret for that Service Account is mounted as a volume inside the pod.

Pod-level Service Account
Specify the Service Account at the pod level:


apiVersion: v1
kind: Pod
metadata:
  name: mypod
spec:
  serviceAccountName: myuser
  containers:
  - name: mycontainer
    image: myimage

User vs. Service Account
A user makes requests to the API server through kubectl using their user account.
A process running inside a container makes requests to the API server using a Service Account.
Both user accounts and Service Accounts have associated permissions.
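
The in-pod side of this, as an added example that is not part of the original post: it reads the mounted token, reports which Service Account identity it carries, and builds (without sending) the authenticated API request. The function names and the sample token are constructed for illustration; the mount path and environment variables are the standard in-pod ones.

```python
import base64
import json
import os
import urllib.request

# Standard in-pod mount path for Service Account credentials.
SA_DIR = "/var/run/secrets/kubernetes.io/serviceaccount"


def token_claims(token: str) -> dict:
    """Decode the JWT payload for inspection only (signature is NOT verified)."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def identity(token: str) -> tuple:
    """Return (namespace, service_account) parsed from the 'sub' claim."""
    sub = token_claims(token).get("sub", "")
    prefix, _, rest = sub.partition("system:serviceaccount:")
    ns, _, name = rest.partition(":")
    if prefix or not ns or not name:
        raise ValueError(f"unexpected subject: {sub!r}")
    return ns, name


def api_request(path: str, sa_dir: str = SA_DIR, env=os.environ):
    """Build the request a process in the pod would make to the API server."""
    with open(os.path.join(sa_dir, "token")) as fh:
        token = fh.read().strip()
    host = env.get("KUBERNETES_SERVICE_HOST", "kubernetes.default.svc")
    port = env.get("KUBERNETES_SERVICE_PORT", "443")
    req = urllib.request.Request(f"https://{host}:{port}{path}")
    req.add_header("Authorization", f"Bearer {token}")
    return req  # to send it, verify TLS against <sa_dir>/ca.crt


def make_sample_token(ns: str, name: str) -> str:
    """Constructed, unsigned sample token for offline runs (not a credential)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    claims = {"sub": f"system:serviceaccount:{ns}:{name}", "exp": 1706832000}
    return ".".join([enc({"alg": "none"}), enc(claims), "sig"])


if __name__ == "__main__":
    print(identity(make_sample_token("default", "myuser")))
```

Run inside a pod, `identity(open(SA_DIR + "/token").read())` confirms which Service Account the workload is actually authenticating as, which is the identity RBAC permissions are evaluated against.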

Remember: Service Accounts are injected into the pod and can be set at both the pod and deployment levels.

Harness the power of Service Accounts to enhance security and control within your Kubernetes environment.

Happy Kuberneting!
