Kubernetes Service Accounts give an identity to the services running inside a pod. This comprehensive guide covers the fundamentals of service accounts, RBAC permissions, and how they interact with third-party apps.
Kubernetes Service Accounts: What Are They?
A process operating inside a pod has an identity provided by a service account. The official definition found in the Kubernetes documentation is, I believe, the best I’ve heard.
Service accounts are not meant for human users. As administrators and developers, you and I use user accounts to access the cluster and do maintenance or development tasks.
Applications and processes use service accounts to authenticate when they interact with the API server.
Which Kubernetes service account is default?
Each namespace has a default service account. If a pod is created without specifying a service account, it is assigned the default service account, which has minimal rights, and that account's token is mounted into the pod as a secret.
Thus, you should create a dedicated service account for your application or process if you wish to grant it additional access or want more specific control.
How to Create a Service Account
Using kubectl, you can quickly create a service account by running:
kubectl create serviceaccount myserviceaccount
Alternatively, you can create one declaratively with a manifest:
apiVersion: v1
kind: ServiceAccount
metadata:
  name: myserviceaccount
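The steps above carried through to a pod that runs as the dedicated account with narrowly scoped extra access, as an added example that is not from the original page. The demo namespace (assumed to exist), the pod-reader Role, the binding name, and the container image are assumptions chosen for illustration.

```yaml
# Added example. Only "myserviceaccount" comes from the page; the namespace,
# Role, RoleBinding, pod name and image are hypothetical.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: myserviceaccount
  namespace: demo
---
# Role: read-only access to pods, limited to the demo namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pod-reader
  namespace: demo
rules:
  - apiGroups: [""]          # "" is the core API group
    resources: ["pods"]
    verbs: ["get", "list", "watch"]
---
# RoleBinding: grants the Role to the service account and to nothing else.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: myserviceaccount-pod-reader
  namespace: demo
subjects:
  - kind: ServiceAccount
    name: myserviceaccount
    namespace: demo
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: pod-reader
---
# Pod: without serviceAccountName it would be assigned the namespace's
# "default" service account; here it runs as the dedicated one.
apiVersion: v1
kind: Pod
metadata:
  name: uses-dedicated-sa
  namespace: demo
spec:
  serviceAccountName: myserviceaccount
  containers:
    - name: app
      image: registry.example.com/app:1.0   # placeholder image
```

After applying it, `kubectl auth can-i list pods --as=system:serviceaccount:demo:myserviceaccount -n demo` should answer yes, and the same check for a verb the Role does not list, such as delete, should answer no.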