Difference between revisions of "Kubernetes service account"

From wikieduonline
Jump to navigation Jump to search
 
(14 intermediate revisions by the same user not shown)
Line 11: Line 11:
 
== Commands ==
 
== Commands ==
 
* <code>[[kubectl get serviceaccounts]], [[kubectl get sa]]</code>
 
* <code>[[kubectl get serviceaccounts]], [[kubectl get sa]]</code>
 +
** <code>[[kubectl get sa -n kube-system]]</code>
 
* <code>[[kubectl create serviceaccount]], [[kubectl create sa]]</code>
 
* <code>[[kubectl create serviceaccount]], [[kubectl create sa]]</code>
 
* <code>[[kubectl describe sa]]</code>
 
* <code>[[kubectl describe sa]]</code>
Line 17: Line 18:
 
[[Helm v2]] (deprecated)
 
[[Helm v2]] (deprecated)
 
* <code>[[helm init]] --stable-repo-url=https://charts.helm.sh/stable --service-account [[tiller]] --tiller-image ghcr.io/helm/tiller:v2.16.1</code>
 
* <code>[[helm init]] --stable-repo-url=https://charts.helm.sh/stable --service-account [[tiller]] --tiller-image ghcr.io/helm/tiller:v2.16.1</code>
 
  
 
== Errors ==
 
== Errors ==
 
* <code>Error creating: pods "your_pod" [[is forbidden]]: [[error looking up service account]] default/your_service_account: serviceaccount "your_service_account" [[not found]]</code>
 
* <code>Error creating: pods "your_pod" [[is forbidden]]: [[error looking up service account]] default/your_service_account: serviceaccount "your_service_account" [[not found]]</code>
 
* {{impersonator}}
 
* {{impersonator}}
 +
 +
== Changelog ==
 +
* Conflicting issuers between [[JWT authenticators]] and service account config are now detected and fail on API server startup.
 +
 +
== News ==
 +
* [[v1.31]] Bound [[Kubernetes service account|service account]] token improvement (<code>[[ServiceAccountTokenNodeBinding]]</code>)<ref>https://kubernetes.io/blog/2024/08/13/kubernetes-v1-31-release/#bound-service-account-token-improvements</ref>
  
 
== Related ==
 
== Related ==
Line 29: Line 35:
 
* [[Kubernetes roles]]
 
* [[Kubernetes roles]]
 
* [[Token]]: <code>[[aws eks get-token]]</code>
 
* [[Token]]: <code>[[aws eks get-token]]</code>
* [[Serviceaccounts controller]]
+
* [[Kubernetes controller manager]]
* [[BoundServiceAccountTokenVolume]]
+
* <code>[[BoundServiceAccountTokenVolume]]</code>
* <code>[[system:]]</code>
 
 
* [[ServiceAccount admission controller]]: <code>[[/var/run/secrets/kubernetes.io/serviceaccount]]</code>
 
* [[ServiceAccount admission controller]]: <code>[[/var/run/secrets/kubernetes.io/serviceaccount]]</code>
 +
* <code>[[default]]</code>
 +
* <code>[[kubectl describe clusterrolebindings]]</code>
 +
* [[Kubernetes users]], [[Kubernetes groups]]
  
 
== Activities ==
 
== Activities ==
Line 42: Line 50:
 
* {{Kubernetes Authentication}}
 
* {{Kubernetes Authentication}}
 
* {{Kubernetes RBAC}}
 
* {{Kubernetes RBAC}}
 +
* {{Kubernetes users}}
  
 
[[Category:K8s]]
 
[[Category:K8s]]

Latest revision as of 14:55, 12 September 2024

system:serviceaccount: (singular) is the prefix for service account usernames.
system:serviceaccounts: (plural) is the prefix for service account groups.

Commands[edit]


Helm v2 (deprecated)

Errors[edit]

Changelog[edit]

  • Conflicting issuers between JWT authenticators and service account config are now detected and fail on API server startup.

News[edit]

Related[edit]

Activities[edit]

See also[edit]

  • https://kubernetes.io/blog/2024/08/13/kubernetes-v1-31-release/#bound-service-account-token-improvements
  • Advertising: