Difference between revisions of "Kubernetes service account"

From wikieduonline
 
(44 intermediate revisions by 6 users not shown)
Line 1: Line 1:
https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
+
* https://kubernetes.io/docs/reference/access-authn-authz/service-accounts-admin/
* [[Terraform Kubernetes resource: kubernetes_service_account]]
+
* https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
 +
* https://kubernetes.io/docs/reference/access-authn-authz/rbac/
 +
[[system:serviceaccount:]] (singular) is the prefix for service account usernames.
 +
[[system:serviceaccounts:]] (plural) is the prefix for service account groups.
 +
 
 +
* <code>[[kind: ServiceAccount]]</code>
 +
* <code>[[kubernetes.io/service-account-token]]</code>
 +
* <code>[[My-first-chart/templates/serviceaccount.yaml]]</code>
  
 +
== Commands ==
 +
* <code>[[kubectl get serviceaccounts]], [[kubectl get sa]]</code>
 +
** <code>[[kubectl get sa -n kube-system]]</code>
 +
* <code>[[kubectl create serviceaccount]], [[kubectl create sa]]</code>
 +
* <code>[[kubectl describe sa]]</code>
  
[[kind: ServiceAccount]]
 
  
[[kubectl get serviceaccounts]]
+
[[Helm v2]] (deprecated)
 +
* <code>[[helm init]] --stable-repo-url=https://charts.helm.sh/stable --service-account [[tiller]] --tiller-image ghcr.io/helm/tiller:v2.16.1</code>
  
[[kubernetes.io/service-account-token]]
+
== Errors ==
 +
* <code>Error creating: pods "your_pod" [[is forbidden]]: [[error looking up service account]] default/your_service_account: serviceaccount "your_service_account" [[not found]]</code>
 +
* {{impersonator}}
  
 +
== Changelog ==
 +
* Conflicting issuers between [[JWT authenticators]] and service account config are now detected and fail on API server startup.
  
[[Helm v2]] (deprecated)
+
== News ==
* <code>[[helm init]] --stable-repo-url=https://charts.helm.sh/stable --service-account [[tiller]] --tiller-image ghcr.io/helm/tiller:v2.16.1</code>
+
* [[v1.31]] Bound [[Kubernetes service account|service account]] token improvement (<code>[[ServiceAccountTokenNodeBinding]]</code>)<ref>https://kubernetes.io/blog/2024/08/13/kubernetes-v1-31-release/#bound-service-account-token-improvements</ref>
  
 
== Related ==
 
== Related ==
 +
* [[Terraform Kubernetes resource: kubernetes_service_account]]
 
* [[Google Cloud Service account]]
 
* [[Google Cloud Service account]]
 
* [[Helm]]: <code>[[My-first-chart/templates/serviceaccount.yaml]]</code>
 
* [[Helm]]: <code>[[My-first-chart/templates/serviceaccount.yaml]]</code>
* <code>[[kubectl get serviceaccounts]]</code>
+
* [[Kubernetes roles]]
 +
* [[Token]]: <code>[[aws eks get-token]]</code>
 +
* [[Kubernetes controller manager]]
 +
* <code>[[BoundServiceAccountTokenVolume]]</code>
 +
* [[ServiceAccount admission controller]]: <code>[[/var/run/secrets/kubernetes.io/serviceaccount]]</code>
 +
* <code>[[default]]</code>
 +
* <code>[[kubectl describe clusterrolebindings]]</code>
 +
* [[Kubernetes users]], [[Kubernetes groups]]
 +
 
 +
== Activities ==
 +
* Read AWS documentation: https://docs.aws.amazon.com/eks/latest/userguide/service-accounts.html
 +
* [[Configuring Pods to use a Kubernetes service account]]
  
 
== See also ==
 
== See also ==
Line 22: Line 50:
 
* {{Kubernetes Authentication}}
 
* {{Kubernetes Authentication}}
 
* {{Kubernetes RBAC}}
 
* {{Kubernetes RBAC}}
 +
* {{Kubernetes users}}
  
 
[[Category:K8s]]
 
[[Category:K8s]]

Latest revision as of 14:55, 12 September 2024

system:serviceaccount: (singular) is the prefix for service account usernames.
system:serviceaccounts: (plural) is the prefix for service account groups.

Commands


Helm v2 (deprecated)

Errors

Changelog

  • Conflicting issuers between JWT authenticators and service account config are now detected and fail on API server startup.

News

Related

Activities

See also

  • https://kubernetes.io/blog/2024/08/13/kubernetes-v1-31-release/#bound-service-account-token-improvements