In K8s, a service account is an account used by container processes within Pods to authenticate with the K8s API. If your Pods need to communicate with the K8s API, you can use service accounts to control their access.
Relevant Documentation: Configure Service Accounts for Pods, Using RBAC Authorization
Create a file named my-serviceaccount.yml with the following content:
apiVersion: v1
kind: ServiceAccount
metadata:
  name: my-serviceaccount
Save the above content in the my-serviceaccount.yml file.
To create the ServiceAccount, run the following command:
kubectl create -f my-serviceaccount.yml
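You can also create a ServiceAccount directly from the command line:
kubectl create sa my-serviceaccount2 -n default
List the ServiceAccounts in the current namespace:
kubectl get sa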
Create a file named sa-pod-reader.yml with the following content:
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: sa-pod-reader
  namespace: default
subjects:
- kind: ServiceAccount
  name: my-serviceaccount
  namespace: default
roleRef:
  kind: Role
  name: pod-reader
  apiGroup: rbac.authorization.k8s.io
Create the RoleBinding:
kubectl create -f sa-pod-reader.yml
Inspect the ServiceAccount:
kubectl describe sa my-serviceaccount
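The RoleBinding on this page points at a Role named pod-reader that the page does not define. As an added example (not part of the original page), the manifest below supplies that Role with assumed read-only rules on Pods, plus a hypothetical Pod (sa-demo-pod, with an assumed busybox image) that runs as my-serviceaccount:

```yaml
# Assumed definition of the Role that the sa-pod-reader RoleBinding refers to.
# The rules are an assumption based on the name "pod-reader": read-only on Pods.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pod-reader
  namespace: default        # must match the RoleBinding's namespace
rules:
- apiGroups: [""]           # "" is the core API group, where Pods live
  resources: ["pods"]
  verbs: ["get", "watch", "list"]
---
# Hypothetical Pod that authenticates to the API as my-serviceaccount.
# Without serviceAccountName, the Pod would use the namespace's "default"
# ServiceAccount and would not get the pod-reader permissions.
apiVersion: v1
kind: Pod
metadata:
  name: sa-demo-pod         # hypothetical name
  namespace: default
spec:
  serviceAccountName: my-serviceaccount
  containers:
  - name: app
    image: busybox:1.36     # assumed image, any image works
    command: ["sh", "-c", "sleep 3600"]
```

Once the Role and RoleBinding exist, `kubectl auth can-i list pods -n default --as=system:serviceaccount:default:my-serviceaccount` should answer yes. The same check with `delete pods` should answer no, which confirms the account holds only the read access it was granted.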