1. Authentication
Contents
Authentication strategies.
User accounts versus service accounts
Service account
Identifies an in-cluster process.
Service Account users are tied to a given Namespace, and their credentials for communicating with the API server are mounted as Secrets.
kubectl create serviceaccount --namespace my-ns foo
apiVersion: v1
kind: ServiceAccount
metadata:
  name: foo
  namespace: my-ns
→ Both solutions create a secret (JWT token) to authenticate the service account.
apiVersion: v1
kind: Pod
metadata:
  name: my-pod
spec:
  serviceAccountName: foo
  ...
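The JWT held in that Secret carries the service account's identity in its claims, which is useful to inspect when auditing which identity a credential grants. The following is an added example, not part of the original notes: it decodes a constructed token without verifying its signature and reports the namespace, the account name and whether the token expires. The function names and the sample token are assumptions; the claim names are those used in Secret-based service account tokens.

```python
import base64
import json


def b64url(data: bytes) -> str:
    """Encode bytes as unpadded base64url, as used in compact JWTs."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def decode_segment(segment: str) -> dict:
    """Decode one base64url JWT segment, restoring the stripped padding."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def describe_sa_token(token: str) -> dict:
    """Return the identity a service account JWT asserts.

    The signature is NOT verified here: this is for inspection only,
    never for making an authentication decision.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (header.payload.signature)")
    header, claims = decode_segment(parts[0]), decode_segment(parts[1])
    fields = claims.get("sub", "").split(":")
    if len(fields) != 4 or fields[:2] != ["system", "serviceaccount"]:
        raise ValueError("subject is not a service account")
    return {
        "alg": header.get("alg"),
        "namespace": fields[2],
        "name": fields[3],
        "expires": claims.get("exp"),  # None means the token never expires
    }


# Constructed sample: claims for the `foo` account in `my-ns` from the notes.
SAMPLE_CLAIMS = {
    "iss": "kubernetes/serviceaccount",
    "kubernetes.io/serviceaccount/namespace": "my-ns",
    "kubernetes.io/serviceaccount/service-account.name": "foo",
    "sub": "system:serviceaccount:my-ns:foo",
}
SAMPLE_TOKEN = ".".join([
    b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode()),
    b64url(json.dumps(SAMPLE_CLAIMS).encode()),
    b64url(b"constructed-signature"),  # placeholder, not a real signature
])

if __name__ == "__main__":
    print(describe_sa_token(SAMPLE_TOKEN))
```

A result with `expires` set to `None` marks a long-lived bearer credential: anyone who can read the Secret can act as that service account until the Secret is deleted.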