Kubernetes service accounts allow processes in pods to connect and authenticate to the API Server. In this introductory video, we take a look at the bigger picture and demonstrate their use.
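An added example, not taken from the video: how a process inside a pod can call the API server with its mounted service account credentials while verifying the server certificate against the cluster CA. It assumes the default credential mount path and the `KUBERNETES_SERVICE_HOST` / `KUBERNETES_SERVICE_PORT` variables that Kubernetes injects into pods; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the video). Function names are hypothetical.
# Default mount point of the service account credentials inside a pod.
SA_DIR="${SA_DIR:-/var/run/secrets/kubernetes.io/serviceaccount}"

# Print the API server base URL from the variables Kubernetes injects into pods.
api_base() {
    [ -n "${KUBERNETES_SERVICE_HOST:-}" ] || { echo "not running in a pod" >&2; return 1; }
    printf 'https://%s:%s' "$KUBERNETES_SERVICE_HOST" "${KUBERNETES_SERVICE_PORT:-443}"
}

# Build the URL that lists pods in the pod's own namespace.
pods_url() {
    [ -r "$SA_DIR/namespace" ] || { echo "no namespace file in $SA_DIR" >&2; return 1; }
    base=$(api_base) || return 1
    printf '%s/api/v1/namespaces/%s/pods' "$base" "$(cat "$SA_DIR/namespace")"
}

# GET a URL as the service account.
# --cacert pins the cluster CA, so there is no need for -k / --insecure.
# The bearer token is fed to curl on stdin so it never shows up in process arguments.
sa_get() {
    for f in token ca.crt; do
        [ -r "$SA_DIR/$f" ] || { echo "missing $SA_DIR/$f" >&2; return 1; }
    done
    printf 'header = "Authorization: Bearer %s"\n' "$(cat "$SA_DIR/token")" |
        curl --silent --show-error --fail --cacert "$SA_DIR/ca.crt" --config - "$1"
}

# Run as "script.sh pods" from a shell inside the container.
if [ "${1:-}" = "pods" ]; then
    sa_get "$(pods_url)"
fi
```

Whether the request succeeds or returns 403 depends on the Role and RoleBinding granted to the pod's service account.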
Amazing. I have been searching for a solution to create a web application to get the status of a k8s cluster. The explanation is phenomenal and worked this way.
This is really great. Thank you. I think now I have a better understanding of how the K8s operator pattern communicates with the api-server via HTTPS. It was just a black box for me before I watched this :)
Great video! Thanks for sharing! One thing I notice: if you do `kubectl describe sa appsa` after you do the rolebinding, it will not list the role or the rolebinding associated. Again, thanks!
Are you going into the container? How are you referring to CA=/var/run... ? This path is available on the container only, right? Then you did not show us how you are going into the container?
Does this demo incorporate best practices for secrets management? In other words, are there additional things one would need to do in a production environment to ensure that there is minimum risk of exfiltration of keys, or impersonation, etc.? If not, what are the next steps for finding out about securing the system?
This is indeed not a video about secrets management. It merely looks at the specific concept of Kubernetes service accounts and how you create a service account to access the Kubernetes API from inside the cluster. It does not look at Kubernetes secrets, or potentially encrypting them in etcd or how you work with application secrets from external stores etc...
I created an EKS cluster (Fargate) in private subnets. While creating a service account using Terraform from local, it gives the error "could not reach cluster endpoint". Is it expected?