Service Accounts in Kubernetes
The concept of a service account is linked to other security-related concepts in Kubernetes, such as authentication, authorization, and RBAC (role-based access control).
There are two types of accounts in Kubernetes:
- User account
- Service account
A user account is used by humans and a service account is used by machines. A user account could belong to an admin accessing the cluster to perform admin-related tasks, or to a developer accessing the cluster to deploy an application.
A service account is an account that an application uses to interact with the Kubernetes cluster. For example, a monitoring application like Prometheus uses a service account to pull performance metrics from the Kubernetes API. Automated tools like Jenkins also use service accounts to deploy applications.
Let's talk about an example. You are building a dashboard to display the list of pods on a K8s cluster.
You need to send a request to the K8s API to retrieve the data and display it on the web page. You need to be authenticated to obtain information from the K8s cluster.
This is where a service account comes into play. You can use the command below to create a service account.
kubectl create serviceaccount dashboard-user
You can use the command below to view service accounts.
kubectl get serviceaccount
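Creating the account only gives the dashboard an identity. On a cluster with RBAC enabled it still cannot list pods until a role is bound to it. The manifest below is an added example, not part of the original article, that declares the same dashboard-user account and grants it read-only access to pods in one namespace; the default namespace and the names pod-reader and dashboard-user-pod-reader are assumptions made for illustration.

```yaml
# Added example: only the name dashboard-user comes from the article.
# The namespace and the Role/RoleBinding names are hypothetical.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: dashboard-user
  namespace: default
---
# Least privilege: the dashboard only reads pods, so grant nothing else.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pod-reader
  namespace: default
rules:
  - apiGroups: [""]            # "" is the core API group, where pods live
    resources: ["pods"]
    verbs: ["get", "list"]     # no create, update, delete or exec
---
# Bind the Role to the service account, scoped to this namespace only.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: dashboard-user-pod-reader
  namespace: default
subjects:
  - kind: ServiceAccount
    name: dashboard-user
    namespace: default
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: pod-reader
```

After applying the manifest with `kubectl apply -f`, running `kubectl auth can-i list pods --as=system:serviceaccount:default:dashboard-user -n default` should answer yes, while the same check with `delete pods` should answer no.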