Member-only story
kubernetes service accounts and rbac
kubernetes: Show Me Your ID 🕵️♂️
peter-pod: 😎
So, how did peter-pod get this VIP access to the Kubernetes cluster? Let’s dive in!
For peter-pod to get the list of pods from the cluster it’s running in, it needs to authenticate to the API server.
Simple enough, right? But here’s the thing — Peter-pod needs an identity to walk into the Kubernetes cluster and do its thing. After all, it’s not human! We can’t just let it walk in like it owns the place (although that would be awesome if it could, right?). 😂
For this kind of use cases we have “Service Accounts” in kubernetes. They’re the superheroes that give our pods a shiny new identity.
Let’s start and give Peter a new life…🚀
We’ll be using Minikube to create our Kubernetes cluster for this little experiment.
minikube startNow, let’s deploy our peter-pod.
apiVersion: v1
kind: Pod
metadata:
name: peter-pod
namespace: default
spec:
containers:
- name: kubectl
image: bitnami/kubectl:latest
command: ["sleep", "3600"]