发表新帖
发表新帖

Kubernetes namespace default service account

前端 未结
关注
2 1561
不知归路
不知归路 2021-02-02 17:39

If not specified, pods are run under a default service account.

  • How can I check what the default service account is authorized to do?
  • Do we need it to be m
2条回答
  • 南笙
    南笙 (楼主)
    2021-02-02 17:56

    An application/deployment can run with a service account other than default by specifying it in the serviceAccountName field of a deployment configuration.

    What I service account, or any other user, can do is determined by the roles it is given (bound to) - see roleBindings or clusterRoleBindings; the verbs are per a role's apiGroups and resources under the rules definitions.

    The default service account doesn't seem to be given any roles by default. It is possible to grant a role to the default service account as described in #2 here.

    According to this, "...In version 1.6+, you can opt out of automounting API credentials for a service account by setting automountServiceAccountToken: false on the service account".

    HTH

    0 讨论(0)
 看不清?
提交回复
热议问题