Followers

Kubernetes - Service Account

Service Account It provides an identity for the processes that run in a Pod. Access to k8s cluster using kubectl command is authenticated by...

Service Account

It provides an identity for the processes that run in a Pod.

Access to k8s cluster using kubectl command is authenticated by the API server. The processes that are running inside the pod also contact the API server using the service account.

default service account

Whenever a namespace is created then a default service account is created along with the namespace.

       kubectl create ns dev

       kubectl get sa -n dev  # you will find a default sa

       kubectl describe sa default -n dev

       


      kubectl get secret -n dev

      kubectl describe secret default-token-bplrk -n dev

      


       kubectl get secret default-token-bplrk -n dev -o yaml


   # Let's decode the namespace(ZGV2 in the above screenshot) it should be dev

          echo ZGV2 | base64 -d

CA confirmation   

If we decode ca.crt value and check /etc/kubernetes/ca.crt it should be same

        token is encrypted jwt token it is passed to apiserver when sa communicate to apiserver.

Access API Server

        kubectl config view # to find the cluster dns server

  •         consider cluster server is https://172.31.7.208:6443

       curl  https://172.31.7.208:6443/api --insecure

You will find that we are not able to access the api, so let's access it with the service account. Decode the token of dev namespace and run the below command

curl https://172.31.7.208:6443/api --insecure --header "Authorization: Bearer <<token decoded value >>


So it means the default service account can communicate to the API Server and the same service account is by default used with POD and that why the POD can communicate with API server

 




COMMENTS

Name

Ansible,6,AWS,1,Azure DevOps,1,Containerization with docker,2,DevOps,2,Docker Quiz,1,Docker Swarm,1,DockerCompose,1,ELK,2,git,2,Jira,1,Kubernetes,1,Kubernetes Quiz,5,SAST DAST Security Testing,1,SDLC Quiz,3,SonarQube,3,Splunk,2,vagrant kubernetes,1,YAML Basics,1,
ltr
item
DevOpsWorld: Kubernetes - Service Account
Kubernetes - Service Account
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh7SnxEfJZkmxa_tS_P5jU6tw3l6CiStXXycUaO0bl0Z40QyKoljGmmZNti-17xXJ7emjBFtgpXxBtsJLKwWNa3HUJFALlD9m8CdZNEtR0V4MYSTVg3MlDkk3tIwYRc_nb59SGgYVrW-pcimthiOfV1fAKObVOdLOm14Sv8loSBc2hFsDqeEILIDkjW/w464-h92/Capture.JPG
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh7SnxEfJZkmxa_tS_P5jU6tw3l6CiStXXycUaO0bl0Z40QyKoljGmmZNti-17xXJ7emjBFtgpXxBtsJLKwWNa3HUJFALlD9m8CdZNEtR0V4MYSTVg3MlDkk3tIwYRc_nb59SGgYVrW-pcimthiOfV1fAKObVOdLOm14Sv8loSBc2hFsDqeEILIDkjW/s72-w464-c-h92/Capture.JPG
DevOpsWorld
https://www.devopsworld.co.in/2022/09/kubernetes-service-account.html
https://www.devopsworld.co.in/
https://www.devopsworld.co.in/
https://www.devopsworld.co.in/2022/09/kubernetes-service-account.html
true
5997357714110665304
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS PREMIUM CONTENT IS LOCKED STEP 1: Share to a social network STEP 2: Click the link on your social network Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy Table of Content