github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-10-31 05:40:42 +00:00
Code Issues Projects Releases Wiki Activity
Files
09e1a044ad97fc48f32c09cf4054d6bee1cc582b
kubernetes/docs/service_accounts.md
Eric Tune 8a7e22dba2 Update Admission Control docs and add others. 
Address most of the comments from #8936 review.
Adds minimal documentation for securityContext and serviceAccounts,
which I will expand in a future PR.
Adds analytics.
Links admission_controllers.md from cluster-admin-guide.
2015-06-03 13:56:46 -07:00

1.1 KiB
Raw Blame History

Service Accounts

A serviceAccount provides an identity for processes that run in a Pod. The behavior of the the serviceAccount object is implemented via a plugin called an Admission Controller. When this plugin is active (and it is by default on most distributions), then it does the following when a pod is created or modified:

  1. If the pod does not have a ServiceAccount, it modifies the pod's ServiceAccount to "default".
  2. It ensures that the ServiceAccount referenced by a pod exists.
  3. If LimitSecretReferences is true, it rejects the pod if the pod references Secret objects which the pods ServiceAccount does not reference.
  4. If the pod does not contain any ImagePullSecrets, the ImagePullSecrets of the ServiceAccount are added to the pod.
  5. If MountServiceAccountToken is true, it adds a VolumeMount with the pod's ServiceAccount API token secret to containers in the pod.

Analytics