Kubernetes Security Concepts: Difference between revisions
Line 14: | Line 14: | ||
* https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ | * https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ | ||
* https://kubernetes.io/docs/reference/access-authn-authz/service-accounts-admin/ | * https://kubernetes.io/docs/reference/access-authn-authz/service-accounts-admin/ | ||
==Default Service Account== | |||
Each namespace comes with a default service account: | |||
apiVersion: v1 | |||
kind: ServiceAccount | |||
metadata: | |||
name: default | |||
namespace: default | |||
secrets: | |||
- name: default-token-dddkl | |||
=Service Account Operations= | |||
* Details about the Namespace's Default Service Account | |||
=Role Based Access Control (RBAC)= | =Role Based Access Control (RBAC)= |
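Review bot: the manifest added under ==Default Service Account== pins one concrete listing (namespace: default, secret default-token-dddkl) while the sentence above it speaks of every namespace. Say that this is the default namespace's account as captured from one cluster, and either mark the secret name as a sample or replace it with a placeholder so readers do not expect to find that exact name.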
Revision as of 21:16, 11 September 2019
Internal
Transport Security
Service Account
A service account provides an identity for processes that run in a Pod.
TODO:
- https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
- https://kubernetes.io/docs/reference/access-authn-authz/service-accounts-admin/
Default Service Account
Each namespace comes with a default service account:
 apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: default
   namespace: default
 secrets:
 - name: default-token-dddkl
Service Account Operations
- Details about the Namespace's Default Service Account
Role Based Access Control (RBAC)
In Kubernetes, granting a role to an application-specific service account is a best practice: it ensures that the application operates within a specified scope.
TODO: