Internal

• Kubernetes Concepts

Transport Security

• https://kubernetes.io/docs/reference/access-authn-authz/#transport-security

Service Account

A service account provides an identity for processes that run in a pod. Pods that want to interact with the API Server will authenticate with a particular service account. By default, in absence of specific configuration, the pods will authenticate as the default service account in the namespace they are running in. A specific service account name can be specified in the pod manifest. Service accounts are rendered in logs using the following pattern: "system:serviceaccount:namespace:account-name (e.g. "system:serviceaccount:blue:default).

TODO:

• https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
• https://kubernetes.io/docs/reference/access-authn-authz/service-accounts-admin/

Default Service Account

Each namespace comes with a default service account:

apiVersion: v1
kind: ServiceAccount
metadata:
  name: default
  namespace: default
secrets:
- name: default-token-dddkl

Service Account Operations

• Details about the Namespace's Default Service Account
• Assigning a Cluster Role to a Service Account

Role Based Access Control (RBAC)

Kubernetes Role Based Access Control (RBAC) Concepts