github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
03ece333c8
kubernetes/docs/service_accounts.md
Eric Tune 8a7e22dba2 Update Admission Control docs and add others. 
Address most of the comments from #8936 review.
Adds minimal documentation for securityContext and serviceAccounts,
which I will expand in a future PR.
Adds analytics.
Links admission_controllers.md from cluster-admin-guide.
2015-06-03 13:56:46 -07:00

1.1 KiB
Raw Blame History

Service Accounts

A serviceAccount provides an identity for processes that run in a Pod. The behavior of the the serviceAccount object is implemented via a plugin called an Admission Controller. When this plugin is active (and it is by default on most distributions), then it does the following when a pod is created or modified:

  1. If the pod does not have a ServiceAccount, it modifies the pod's ServiceAccount to "default".
  2. It ensures that the ServiceAccount referenced by a pod exists.
  3. If LimitSecretReferences is true, it rejects the pod if the pod references Secret objects which the pods ServiceAccount does not reference.
  4. If the pod does not contain any ImagePullSecrets, the ImagePullSecrets of the ServiceAccount are added to the pod.
  5. If MountServiceAccountToken is true, it adds a VolumeMount with the pod's ServiceAccount API token secret to containers in the pod.

Analytics