0
0
KubernetesConceptBeginner · 3 min read

What is Service Account in Kubernetes: Explained Simply

A service account in Kubernetes is a special user identity assigned to pods to allow them to interact securely with the Kubernetes API. It provides credentials and permissions so pods can perform actions like reading secrets or accessing other resources without using human user accounts.
⚙️

How It Works

Think of a service account as a badge that a pod wears to prove who it is when talking to the Kubernetes system. Just like you need an ID card to enter a building, a pod needs a service account to access certain parts of the Kubernetes environment.

When a pod runs, Kubernetes automatically attaches a service account token to it. This token acts like a key, letting the pod call the Kubernetes API safely. The service account defines what the pod is allowed to do, such as reading configuration data or managing other resources.

This system keeps pods from having too much power and helps protect the cluster by limiting access based on what each pod really needs.

💻

Example

This example shows how to create a service account and use it in a pod specification.

yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: my-service-account
---
apiVersion: v1
kind: Pod
metadata:
  name: my-pod
spec:
  serviceAccountName: my-service-account
  containers:
  - name: my-container
    image: busybox
    command: ["sleep", "3600"]
Output
serviceaccount/my-service-account created pod/my-pod created
🎯

When to Use

Use service accounts whenever your pods need to interact with the Kubernetes API or other cluster resources securely. For example:

  • Pods that read secrets or config maps to get sensitive data.
  • Pods that need to create or update other Kubernetes objects.
  • Automated jobs or controllers that manage cluster state.

This helps keep your cluster safe by giving each pod only the permissions it needs, following the principle of least privilege.

Key Points

  • Service accounts provide identities for pods to access the Kubernetes API.
  • They use tokens mounted inside pods for authentication.
  • Permissions are controlled via roles and role bindings linked to service accounts.
  • Using service accounts improves security by limiting pod access.

Key Takeaways

Service accounts give pods a secure identity to access Kubernetes resources.
They use tokens automatically mounted inside pods for authentication.
Assign permissions to service accounts with roles to control pod access.
Always use service accounts to follow security best practices in Kubernetes.

Related by keyword

When to Use Headless Service in Kubernetes: Explained SimplyServicesHow Service Discovery Works in Kubernetes: Explained SimplyNetworkingWhat Are Endpoints in Kubernetes Service ExplainedServicesWhat is Control Plane in Kubernetes: Explained SimplyGetting StartedWhat is Controller Manager in Kubernetes: Explained SimplyGetting Started

Up next

What Is Network Policy in Kubernetes: Simple Explanation and ExampleWhat Is Pod Network in Kubernetes: Simple Explanation and ExampleHelm 2 vs Helm 3: Key Differences and When to Use EachHow to Create a Helm Chart for Kubernetes Applications

More in RBAC

How to Bind Role to Service Account in KubernetesHow to Create a Read Only User in KubernetesHow to Create a Service Account in Kubernetes: Step-by-Step GuideHow to Grant Admin Access in Kubernetes: Step-by-Step Guide