In K8s, a service account is an account used by container processes within Pods to authenticate with the K8s API. If your Pods need to communicate with the K8s API, you can use service accounts to control their access.
Creating ServiceAccounts
Relevant Documentation: Configure Service Accounts for Pods, Using RBAC Authorization
- Create a basic ServiceAccount using the YAML file my-serviceaccount.yml:

    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: my-serviceaccount

Save the above content in the my-serviceaccount.yml file. To create the ServiceAccount, run the following command:
kubectl create -f my-serviceaccount.yml
- Create a ServiceAccount with an imperative command:
kubectl create sa my-serviceaccount2 -n default
- View your ServiceAccount:
kubectl get sa
- Attach a Role to the ServiceAccount with a RoleBinding. Create a YAML file sa-pod-reader.yml with the following content:

    apiVersion: rbac.authorization.k8s.io/v1
    kind: RoleBinding
    metadata:
      name: sa-pod-reader
      namespace: default
    subjects:
    - kind: ServiceAccount
      name: my-serviceaccount
      namespace: default
    roleRef:
      kind: Role
      name: pod-reader
      apiGroup: rbac.authorization.k8s.io

- To create the RoleBinding, run the following command:
kubectl create -f sa-pod-reader.yml
- Get additional information for the ServiceAccount:
kubectl describe sa my-serviceaccount
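
The RoleBinding above refers to a Role named pod-reader, which this page does not define, and a Pod only uses my-serviceaccount if its spec names it. The manifest below is an added example, not part of the original page: the Role's rules (read-only access to Pods), the Pod name my-sa-pod, and the container image are assumptions.

```yaml
# Added example; the rules, Pod name, and image are assumptions, not from the page.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pod-reader            # must match roleRef.name in sa-pod-reader.yml
  namespace: default          # a Role is namespaced; same namespace as the RoleBinding
rules:
- apiGroups: [""]             # "" is the core API group, where Pods live
  resources: ["pods"]
  verbs: ["get", "list", "watch"]   # read-only: no create, delete, or exec
---
apiVersion: v1
kind: Pod
metadata:
  name: my-sa-pod             # hypothetical Pod name
  namespace: default
spec:
  # Without this field the Pod runs as the namespace's "default" ServiceAccount
  # and the sa-pod-reader binding does not apply to it.
  serviceAccountName: my-serviceaccount
  containers:
  - name: app
    image: registry.example.com/my-app:1.0   # placeholder image
```

With only this binding in place, `kubectl auth can-i list pods --as=system:serviceaccount:default:my-serviceaccount -n default` should answer yes, and the same check with `delete pods` should answer no.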