Service Accounts for Pods
- External reference: https://kubernetes.io/docs/reference/access-authn-authz/service-accounts-admin/
- External reference: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
Processes in containers inside pods can also contact the apiserver. When they do, they are authenticated as a particular Service Account (for example, default).
When you create a pod, if you do not specify a service account, it is automatically assigned the default service account in the same namespace.
You can access the API from inside a pod using automatically mounted service account credentials.
Every namespace has a default service account resource called default.
A token has automatically been created and is referenced by the service account.
The service account has to exist at the time the pod is created, or the pod will be rejected.
You cannot update the service account of an already created pod.
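An added example, not taken from the Kubernetes documentation: a small audit that resolves which service account each pod runs as and whether its API credentials are mounted, so pods that silently fall back to default stand out. The function name audit, the shop namespace and all object names are constructed for illustration; automountServiceAccountToken is the Kubernetes field that turns the automatic mount off and is not mentioned in the notes above.

```python
import json

# Constructed sample, shaped like `kubectl get pods,serviceaccounts -o json` output.
SAMPLE = json.loads("""
{"items": [
 {"kind": "ServiceAccount", "metadata": {"namespace": "shop", "name": "default"}},
 {"kind": "ServiceAccount", "metadata": {"namespace": "shop", "name": "api-reader"},
  "automountServiceAccountToken": false},
 {"kind": "Pod", "metadata": {"namespace": "shop", "name": "web"},
  "spec": {"containers": []}},
 {"kind": "Pod", "metadata": {"namespace": "shop", "name": "worker"},
  "spec": {"serviceAccountName": "api-reader", "containers": []}},
 {"kind": "Pod", "metadata": {"namespace": "shop", "name": "batch"},
  "spec": {"serviceAccountName": "default", "automountServiceAccountToken": false}}
]}
""")


def audit(items):
    """Return one finding per pod: its service account and token mount state."""
    # Index the ServiceAccount-level automount setting by (namespace, name).
    sa_automount = {
        (i["metadata"]["namespace"], i["metadata"]["name"]):
            i.get("automountServiceAccountToken")
        for i in items if i["kind"] == "ServiceAccount"
    }
    findings = []
    for pod in (i for i in items if i["kind"] == "Pod"):
        ns, spec = pod["metadata"]["namespace"], pod["spec"]
        # No serviceAccountName means the namespace's "default" account.
        sa = spec.get("serviceAccountName") or "default"
        # The pod-level setting wins over the ServiceAccount-level one;
        # if neither is set, the token is mounted.
        mounted = spec.get("automountServiceAccountToken")
        if mounted is None:
            mounted = sa_automount.get((ns, sa))
        mounted = True if mounted is None else mounted
        findings.append({
            "pod": f"{ns}/{pod['metadata']['name']}",
            "service_account": sa,
            "token_mounted": mounted,
            # Flag pods that hold default-account credentials without asking for them.
            "review": sa == "default" and mounted,
        })
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE["items"]):
        print(finding)
```
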
User accounts are for humans. Service accounts are for processes, which run in pods.
User accounts are intended to be global. Names must be unique across all namespaces of a cluster. Service accounts are namespaced.