From the course: Securing Containers and Kubernetes Ecosystem
Unlock the full course today
Join today to access over 22,600 courses taught by industry experts or purchase this course individually.
Authenticating service accounts - Kubernetes Tutorial
From the course: Securing Containers and Kubernetes Ecosystem
Authenticating service accounts
- [Lecturer] So far, we talked about authenticating regular users but what about authenticating applications or more specifically pods? Kubernetes offers a construct known as ServiceAccont. Unlike user accounts kubernetes does indeed store ServiceAccount details as a ServiceAccount resource. Each pod is assigned a ServiceAccount by default. But you can and should change the default account, why? By associating a ServiceAccount to a pod gives you the developer or the admin, the flexibility to control the resources a pod will have access to. Let's see how. A pod sends a request to the API Server with an authentication token. That token uniquely identifies that pod. Upon receiving the request the API Server in turn does two things. With the help of authentication plugin it authenticates ServiceAccount and next, using the authorization plugin checks whether the requested operation is permitted for that ServiceAccount.…
Contents
-
-
-
-
-
-
-
-
(Locked)
Securing applications in Kubernetes2m 47s
-
(Locked)
Pod Security Standard3m 34s
-
(Locked)
Access management53s
-
(Locked)
Authenticating users4m 54s
-
(Locked)
Authenticating service accounts2m 11s
-
(Locked)
Authorization3m 51s
-
(Locked)
Admission control3m 20s
-
(Locked)
Security context2m 59s
-
(Locked)
Security Policy57s
-
(Locked)
Kubernetes network security3m 16s
-
(Locked)
Secrets management5m 15s
-
(Locked)
-
-
-