K8SaaS Service account by Trustnest IAM.
Overview
Kubernetes service accounts (deprecated)
Kubernetes service accounts are Kubernetes resources, created and managed using the Kubernetes API, meant to be used by in-cluster Kubernetes-created entities, such as Pods, to authenticate to the Kubernetes API server or external services. Kubernetes service accounts are distinct from Identity and Access Management (Trustnest IAM) service accounts.
Trustnest Service account, Service Principal
A service account is a technical account that provides an identity (without MFA) to Trustnest COTS. Usually, the name of the account contains the "svc" prefix in the domain. Warning: most COTS provide token generation (associated with a user), so make sure you absolutely need a service account BEFORE requesting it.
From outside Kubernetes:
You may want a CI/CD pipeline that deploys applications into Kubernetes. You can't use a nominative Kubernetes kubeconfig for this because of Multi-Factor Authentication. Instead, you can now request a Service Principal with Trustnest IAM.
You can request your Service Principal creation here.
Then follow the documentation here to help set up your CI/CD.
From inside Kubernetes:
By default, any container runs with a default service account with limited rights. If you need Kubernetes service accounts, you can follow this documentation here.