• Actualités techniques
• Blockchain
• Business model and startup mistakes
• Devoxx
• Docker and Kubernetes
  • Docker
  • Kubernetes Admin
  • Kubernetes Core
    • Accessing a Kubernetes cluster
    • Acronyms
    • Architecture
    • Configuration
    • Installation
    • Linux Foundation
    • Object types
    • Security and monitoring
      • 1. Authentication
      • 2. Authorization
      • 3. Admission Control
      • Limit and Quota Management
      • Liveness and Readiness Probes
      • Monitoring, Logging, Troubleshooting
      • Network Policies
      • Pod Security Policies
      • Security Context
    • Volumes
  • Kubernetes Ecosystem
• GIT
• GitHub
• Jenkins
• Languages
• Legal aspects
• Management et RH
• Organisation
• Privacy
• RDF
• Reactive and microservices
• Security
• Software Engineering
• Spring
• SQL and NoSQL
• UML
• Web Design

1. Authentication

Authentication strategies.
User accounts versus service accounts

Service account

Identifies an in-cluster process.
The Service Account users are tied to a given Namespace and mount the respective credentials to communicate with the API server as Secrets.

kubectl create serviceaccount --namespace my-ns foo

apiVersion: v1
kind: ServiceAccount
metadata:
  name: foo
  namespace: my-ns

→ Both solutions create a secret (JWT token) to authenticate the service account.

apiVersion: v1
kind: Pod
metadata:
  name: my-pod
spec:
  serviceAccountName: foo
  ...

Proudly Powered by Zim 0.75.2.

Template by Etienne Gandrille, based on ZeroFiveEight and using JQuery Toc Plugin.