When you access the API server through kubectl, you are authenticated through the API controller. Have you ever wondered how the same is done from the pod side? This is where Service Accounts come into play. As the Kubernetes documentation itself says: “Processes in containers inside pods can also contact the apiserver. When they do, they are authenticated as a particular Service Account (for example, default).”
Things we should know about Service Accounts:
- Created in a namespace.
- Used to give processes inside pods access to the API server.
- The default service account is named default (no access to the API server).
- Create your own service account.
- Use it in a RoleBinding or ClusterRoleBinding.
- Use the service account secret to obtain the authentication token & CA certificate.
What we will be covering today:
- Creating a pod (which is automatically assigned the default Service Account)
- Creating a Service Account
- Creating a deployment that uses the appsa Service Account
- RBAC