[Kubernetes] Service Accounts

You can use specialized ServiceAccounts with restricted permissions to allow containers to access the Kubernetes API.

  • Every namespace has a default service account.
  • Each service account has a matching secret object, which has a token.
  • When a pod is created, a service account token is mounted automatically.
    • The pod accesses the Kubernetes API using the mounted service account token.

Kubernetes – Networking

Kubernetes manages many pods and containers, and managing networking across a cluster is not a simple matter. Kubernetes handles this through CNI (Container Network Interface) plugins. There are many CNI providers, such as Flannel, Calico, Canal, and Weave Net.
