Kubernetes – 6.4 Config and Storage – Serivce Account

什么是Service Account

Service Account是为了解决Kubernetes集群内部资源认证问题而诞生,例如Pod的进程想调用Kubernetes API或者其他外部服务。

Service Account基本操作

通过kubectl创建ServiceAccount
kubectl create sa nginx-sa
Kubernetes - 6.4 Config and Storage - Serivce Account

可以见到创建了ServiceAccount之后也自动创建了Secret对象并自动引用了
Kubernetes - 6.4 Config and Storage - Serivce Account

将Service Account绑定到Pod

kubectl apply -f nginx-pod-sa.yaml

apiVersion: v1
kind: Pod
metadata:
name: nginx-pod
spec:
containers:
- name: nginx
image: nginx:1.16
serviceAccountName: nginx-sa

Kubernetes - 6.4 Config and Storage - Serivce Account