What are Kubernetes Service Accounts?
ฝัง
- เผยแพร่เมื่อ 5 ก.ย. 2024
- In this video, you'll learn all about Kubernetes service accounts.
#kubernetes #kubernetescourse
If you like the video, consider subscribing: / peterjausovec
▬▬▬▬▬▬ Connect with me ▬▬▬▬▬▬
➡️ Newsletter: learncloudnati...
➡️ Twitter: / pjausovec
➡️ LinkedIn: / pjausovec
Very nice tutorial. Thank you soo much Peter!
Glad you liked it!
what kind of cliff hanger was that ? had me at the edge of my seat!
Delete this pod…..
Very useful, thanks!
Thank you!
WoW great tutorial !!!
thank you!
love it
Thank you!
Hi Peter, thank you so much for your video. For the last missing part, I create a new service account and assign it to the pod, but still get 403 error. How can I give the new service account more permissions? Thanks.
Check out this section that talks about how to update the permissions: kubernetes.io/docs/reference/access-authn-authz/rbac/#service-account-permissions
Hi Peter, how u will give service account permission to SQS to poll the queue message. Thanks in advance.
This might help: docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html
Hi Peter, I created a namespace on K8s cluster (k8s cluster version is 1.25.x) and I didn't see the secret associated with the service account (default) when I run k get sa -n . I searched some docs online, it said after k8s version 1.24.x, the secret is no longer associated with the service account. Does it correct? Thanks
Yes, you're correct. The k8s version in the video is older where the secrets were still associated with the SA. In the newer versions the serviceAccountToken projected volume is used that injects the token for the service account into the pod (e.g. /var/run/secrets/kubernetes.io/serviceaccount/token).
why i the api token mounted into the pod. Which process inside the pod would need access to it?
You container might want to use the token to interact with the k8s API server
absolute random question, what mouse and keyboard do you use? I like how it sounds.
It’s just mac laptop keyboard and trackpad :)
thank you
Where is the rest of the video?
Hi, I did it, but I got an error with DNS like this
curl: (6) Could not resolve host: kubernetes.default .
Can you help me fix it?
Are you running curl from within the cluster? Is kubernetes.default service there?
Broo.. where is the 2nd part of the video.. Thats what i really wanted to watch :/
there's a part missing at the end where I was to create a new service account (kubectl create sa my-sa) and then when creating the pod, explicitly assign that service account to the pod (instead of using the default SA).
Or was there anything else you were expecting?
Dude, you need to use smaller fonts
what's with the video ending in the middle of a thing
haha :) you're completely right -- there's a part missing at the end where I was to create a new service account (kubectl create sa my-sa) and then when creating the pod, explicitly assign that service account to the pod (instead of using the default SA).