
K8SaaS Service account by Trustnest IAM.

Tip: Available from Copernic 3.7+

Overview

Kubernetes service accounts

Kubernetes service accounts are Kubernetes resources, created and managed using the Kubernetes API, meant to be used by in-cluster entities created by Kubernetes, such as Pods, to authenticate to the Kubernetes API server or to external services. Kubernetes service accounts are distinct from Identity and Access Management (Trustnest IAM) service accounts.

Trustnest Service account

A service account is a technical account that provides an identity (without MFA) for Trustnest COTS. Usually, the name of the account contains the "svc" prefix in the domain. Warning: most COTS provide token generation (associated with a user), so make sure you absolutely need a service account BEFORE requesting it.

From outside Kubernetes:

You may want a CI/CD pipeline that deploys applications into Kubernetes. You can't use a nominative Kubernetes kubeconfig for this because of Multi-Factor Authentication. Instead, you can now request a Service Account with Trustnest IAM.

You can request your Service account creation here

Then follow the documentation here to help set up your CI/CD.

From inside Kubernetes:

By default, any container runs with a default service account with limited rights. If you need Kubernetes service accounts, you can follow this documentation here.