[Kubernetes] Service Accounts

You can use specialized ServiceAccounts with restricted permissions to allow containers to access the Kubernetes API.

  • Every namespace has a default service account.
  • Each service account has a matching secret object, which has a token.
  • When a pod is created, a service account token is mounted automatically.
    • The pod is accessing Kubernetes APIs using the mounted service account token.
Continue reading “[Kubernetes] Service Accounts”