Kubernetes Service Account in detail | Service Account tutorial

In this video I talked about what Kubernetes Service Account resources are and how we can use them in the processes (programs) running in Kubernetes to access the Kubernetes API server.

We also talked about the controllers that are responsible for creating the Service Accounts in every namespace and for making sure that the Service Account referenced by a Pod is actually available.

Apart from that, we looked into the content of the secret that gets created when we create a Service Account, and how we can create that secret on our own.

There was some confusion at 27:15, where I wanted to confirm whether the `kubectl get pods` command that we ran was using the token mounted in the pod, but in a hurry I couldn't confirm it. Here is what the log looks like:
```
kubectl get pods -v 6
```

*SA : Service Account

00:00 Introduction
00:18 Agenda
00:27 Users of Kubernetes Cluster
02:18 What are Kubernetes Service Accounts
03:45 Service Account Controllers
04:44 Default Service Account in a Pod and privilege
06:40 Summary of what has been discussed
07:20 Secret that Service Account refers to
08:40 Create a namespace to demo things
09:45 Detailed look into the Service Account's Secret
14:30 What is the token in the SA's Secret
15:16 Using details from SA's Secret to access API Server
19:10 How SA details are mounted in Pod
21:00 How an application uses the mounted SA
22:50 Access that default SA has
28:36 Name format of SA user
29:29 Don't mount SA token automatically
31:41 Creating SA secret manually
33:05 Creating custom Service Account
35:09 Like and Subscribe
Comments

Thank you for the wonderful explanation. I think grep didn't work because -v6 verbose is throwing stderr. 2&>1 is needed.

ThePrateekShrivastava

best video for service account explanation 💪💪

AkshayGupta-ddht

Crystal clear explanation. Thank you so much

sankardev

Highly appreciate your time and efforts, I was just looking for the mechanism you explained in the beginning of the video.
Keep up the good work, Blesses

Zeid_Al-Seryani

Great one bro. Thanks for the explanation.

vignesh

I have not found such an awesome video on YouTube about Kubernetes service accounts. I love your explanation... Please make a video about ingress controller

farukabdullah

Thank you Vivek for sharing your insight with us. It is useful to all the developers who are looking for an improvement in SA understanding.

anuyajoshi

Such a great video! It's so informative and provides a deep understanding about SA. Great job!

gairika

Very useful video, I have recommended this video to my colleagues as well

dheerajpall

Hi Vivek! You explain the topics in a very good way. Your videos help me a lot. Thank you. Please make a video on metric-server and how we can get the usage data of a Kubernetes cluster.

hrishikeshmishra

Change your keyboard, it's very frustrating. Your voice is slow but the keyboard noise is too high. Your knowledge is next level, I admire it. Please change the keyboard.

harry

Again, Great Job Vivek, Highly appreciate it. Also as I am following through your playlist on k8s, I think there is a need to have a video on workload Identity as well, as it is a great concept and confuses a lot of people.

soumilkhandelwal

Dear Vivek

Nice explanation but I have a query to understand this topic properly. When service account was mounted to the pod and curl command was hit, it means someone intercepted that request and inserted the Authorization header for SA token.

Who is that someone?
Will the authorization header be added in every kind of request going out of the pod, i.e. REST, gRPC, etc.?
I am unable to find any detail on the internet about how the SA token is inserted in the auth header. If for some call/reason I don't want to include the service account, how can that be achieved?

ashishnitj

Hi,
I want to know, how we can use custom SA, in a POD, using which we can access other services.
You have explained very well how to create custom SA, but how we can apply allow and deny policy and use it within pods?

Amarjeet-fblk

Hi Vivek, nice k8s videos. If I create a custom SA, how can I link it to a particular pod? Is it through labels and selectors?

venkatsai

Can a default service account access other namespaces as well?

TheNishi

I didn't understand what you said at the start about normal users. For client to API server there is the service account, but what you said about the admin and normal users I didn't get. Please elaborate.

shamstabrez