Service account in Kubernetes – A Basic Overview


Hello, readers! In this article, we will be focusing on Service Accounts in Kubernetes with a detailed explanation.

So, let us begin!! 🙂


What is a Kubernetes Service Account?

Before diving deep into the concept of Service Account, let us understand the reason for its emergence.

Authentication is an important concept to understand for any software or infrastructure. With Kubernetes, when we (users/humans) connect to the cluster through kubectl, the API server authenticates us against a specific user account. Example: xyz@company.com. By default, the account used is admin.

But apart from users like us, at times the processes within a container may also need to contact the API server and be authenticated. For example, we may wish to build an Azure pipeline that pushes an image to GCR (a container registry). In such scenarios, we need a Service account to authenticate the process (pipeline) that runs from within the container.

So, a Service account provides and serves as an identity for the processes that run inside a container, encapsulated within a pod. By default, Kubernetes provides us with a default service account that is associated with a particular namespace created within the cluster.

Having understood Service accounts, let us now create a customized (user-defined) service account in a declarative manner.


Creating a Kubernetes Service account

By default, we have a default service account associated with every namespace–

kubectl get serviceaccounts -n demo
NAME      SECRETS    AGE
default   1          1d

Have a look at the below YAML–

Here, we have made use of the declarative way to create a Kubernetes Service account. The name of the service account is pipeline-demo.

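Service_acc.yaml

apiVersion: v1
kind: ServiceAccount
metadata:
  name: pipeline-demo

We can create this service account in a namespace of our choice using the below command. Since the manifest does not set a namespace, the -n flag decides where the account is created-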

kubectl apply -f Service_acc.yaml -n demo-ns

Configuring service account for pods

Once we create a service account, it is important to associate it with the particular pod/deployment that should use it for authentication. Usually, the default service account gets configured automatically for pods. To have a customized service account configured with the pod/container, we need to pass the account name in the pod definition YAML through the serviceAccountName field. The service account must exist in the same namespace as the pod.

Have a look at the below YAML file–

apiVersion: v1
kind: Pod
metadata:
  name: nginx
spec:
  containers:
  - image: nginx
    name: nginx
  serviceAccountName: pipeline-demo

In the above example, we have created a pod nginx with the image nginx and have associated the service account pipeline-demo with it. With this, the processes running in the pod's containers authenticate to the Kubernetes API server using the specified service account.
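To confirm which identity a pod actually presents, the following added example (not part of the original article) decodes a service account token and checks its sub claim, which Kubernetes sets to system:serviceaccount:<namespace>:<name>. The function names and the sample token are constructed for illustration; on a live cluster the token would be read from /var/run/secrets/kubernetes.io/serviceaccount/token inside the pod.

```shell
#!/bin/sh
# Added example: which service account does a token belong to?
# The "sub" claim of a service account JWT has the form
#   system:serviceaccount:<namespace>:<name>
# This only inspects claims; it does not verify the token's signature.

# Decode one base64url segment (JWTs drop the '=' padding).
b64url_decode() {
  seg=$(printf '%s' "$1" | tr '_-' '/+')
  while [ $(( ${#seg} % 4 )) -ne 0 ]; do seg="${seg}="; done
  printf '%s' "$seg" | base64 -d
}

# Print the "sub" claim of a token.
# Assumes compact JSON (no spaces around the colon); use jq for anything else.
sa_subject() {
  payload=$(printf '%s' "$1" | cut -d. -f2)
  b64url_decode "$payload" | sed -n 's/.*"sub":"\([^"]*\)".*/\1/p'
}

# Succeed only if the token belongs to NAMESPACE/NAME.
check_sa() {   # usage: check_sa TOKEN NAMESPACE NAME
  [ "$(sa_subject "$1")" = "system:serviceaccount:$2:$3" ]
}

# CONSTRUCTED sample token for offline use: real claims layout, placeholder
# issuer and signature. Not a valid credential.
b64url_encode() { base64 | tr -d '=\n' | tr '/+' '_-'; }
make_sample_token() {   # usage: make_sample_token NAMESPACE NAME
  h=$(printf '%s' '{"alg":"RS256","typ":"JWT"}' | b64url_encode)
  p=$(printf '{"iss":"constructed-issuer","sub":"system:serviceaccount:%s:%s"}' "$1" "$2" | b64url_encode)
  printf '%s.%s.placeholder-signature' "$h" "$p"
}

# Offline demo with the names used in this article.
token=$(make_sample_token demo-ns pipeline-demo)
echo "subject: $(sa_subject "$token")"
if check_sa "$token" demo-ns pipeline-demo; then
  echo "OK: pod identity is pipeline-demo"
fi
if ! check_sa "$token" demo-ns default; then
  echo "OK: pod is not running as the default service account"
fi

# On a live cluster (not run here), fetch the mounted token instead:
#   token=$(kubectl exec nginx -n demo-ns -- \
#     cat /var/run/secrets/kubernetes.io/serviceaccount/token)
```

If the check reports the default account for a pod that should use pipeline-demo, the serviceAccountName field is missing or the pod was created in a different namespace than the service account.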

Conclusion

By this, we have come to the end of this topic. Feel free to comment below, in case you come across any questions.

For more such posts related to Kubernetes, stay tuned with us.

Till then, Happy Learning!! 🙂

