




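Authorizing access: Kubernetes uses Role-Based Access Control (RBAC) to manage access permissions to cluster resources. A ServiceAccount is associated with a Role or ClusterRole in RBAC, which determines the operations a Pod can perform and the resources it can access.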


Simply put

In Kubernetes, a ServiceAccount is an identity used for authentication and authorization with the API server. Each Pod is automatically assigned a default ServiceAccount, which provides it with an identity to which specific permissions are assigned. ServiceAccounts receive those permissions through the Role and ClusterRole based authorization system (RBAC).

A ServiceAccount is closely tied to a Pod and serves the following purposes:

  1. Providing authentication for Pods: the ServiceAccount and its corresponding token are used for authentication between the Pod and the Kubernetes API server.
  2. Assigning access permissions: the ServiceAccount is associated with a Role or ClusterRole to allocate specific permissions for accessing cluster resources.






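  1. Create a ServiceAccount:

```yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: my-service-account
  namespace: default  # same namespace as the RoleBinding subject
```

  2. Create a Role with permissions:

```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: my-role
  namespace: default
rules:
# Read-only access to Pods; "" is the core API group
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["get", "list"]
```

  3. Bind the ServiceAccount to the Role:

```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: my-role-binding
  namespace: default
# The Role whose rules are granted
roleRef:
  kind: Role
  name: my-role
  apiGroup: rbac.authorization.k8s.io
# The identity that receives them
subjects:
- kind: ServiceAccount
  name: my-service-account
  namespace: default
```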
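
To see what these three objects grant, the following added example (not part of the original post, and not Kubernetes' own code) models how the RoleBinding resolves a request made by `my-service-account`. It is narrowed to namespaced Roles and RoleBindings: ClusterRoles, `resourceNames` and subresources are not modeled, and the `default` namespace on the Role and the binding is an assumption.

```python
# Added example: a small model of RBAC evaluation, not the API server's code.
# The dicts mirror the manifests above; namespace "default" is assumed from the subject.
ROLES = [{
    "kind": "Role",
    "metadata": {"name": "my-role", "namespace": "default"},
    "rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list"]}],
}]
BINDINGS = [{
    "metadata": {"name": "my-role-binding", "namespace": "default"},
    "roleRef": {"kind": "Role", "name": "my-role", "apiGroup": "rbac.authorization.k8s.io"},
    "subjects": [{"kind": "ServiceAccount", "name": "my-service-account", "namespace": "default"}],
}]


def _matches(allowed, value):
    """A rule list matches on an exact entry or on the "*" wildcard."""
    return "*" in allowed or value in allowed


def can_i(sa_namespace, sa_name, verb, resource, namespace, api_group=""):
    """True if a RoleBinding in `namespace` grants the request to the ServiceAccount.

    RBAC is additive and default-deny: no matching rule means the request is forbidden.
    """
    subject = {"kind": "ServiceAccount", "name": sa_name, "namespace": sa_namespace}
    for binding in BINDINGS:
        # A RoleBinding only grants access inside its own namespace.
        if binding["metadata"]["namespace"] != namespace or subject not in binding["subjects"]:
            continue
        ref = binding["roleRef"]
        for role in ROLES:
            meta = role["metadata"]
            # The referenced Role is looked up by name in the binding's namespace.
            if (role["kind"], meta["name"], meta["namespace"]) != (ref["kind"], ref["name"], namespace):
                continue
            if any(_matches(r["apiGroups"], api_group) and _matches(r["resources"], resource)
                   and _matches(r["verbs"], verb) for r in role["rules"]):
                return True
    return False


if __name__ == "__main__":
    sa = ("default", "my-service-account")
    for verb, res, ns in [("list", "pods", "default"), ("delete", "pods", "default"),
                          ("get", "secrets", "default"), ("list", "pods", "kube-system")]:
        print(f"{verb:6} {res:8} in {ns:12} ->", "yes" if can_i(*sa, verb, res, ns) else "no")
```

On a live cluster, `kubectl auth can-i list pods --as=system:serviceaccount:default:my-service-account -n default` answers the same question against the real authorizer.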



On the other hand

In a distant future, where humanity has colonized multiple star systems, a sprawling interstellar civilization thrives. Among the countless advanced technologies that enable this society to function, Kubernetes emerges as the central nervous system that coordinates and manages the vast network of automated systems and artificial intelligences.

In this future, the ServiceAccount, a specialized entity designed for authentication and authorization, plays a pivotal role in the functioning of this advanced Kubernetes infrastructure. Each star system, with its own unique set of challenges and requirements, relies on ServiceAccounts to establish secure connections and interact with the central API server.

On a distant planet named Xantheon Prime, a young and ambitious scientist named Dr. Alyssa Nova is at the forefront of cutting-edge research. She has dedicated her life to understanding the mysteries of the universe and harnessing the power of Kubernetes to push the boundaries of what is possible.

One fateful day, while conducting experiments in her state-of-the-art laboratory, Dr. Nova accidentally discovers a hidden anomaly in the fabric of space-time. The anomaly, a rift in the very fabric of reality, possesses immense power and potential. Recognizing the significance of her discovery, she quickly realizes that she needs the assistance of Kubernetes and its ServiceAccounts to fully comprehend and harness this newfound power.

Driven by her insatiable curiosity and desire to unlock the secrets of the universe, Dr. Nova embarks on a perilous journey across the galaxy. With her trusty ServiceAccount companion, named Nexus, by her side, she navigates treacherous asteroid fields, encounters hostile alien species, and delves into ancient civilizations long forgotten.

As they venture deeper into the unknown, Dr. Nova and Nexus encounter other scientists, explorers, and even rogue AI entities, all vying to harness the power of the anomaly for their own purposes. The race to control this newfound power intensifies, leading to epic battles and unexpected alliances.

Through it all, Dr. Nova relies on her expertise in Kubernetes and the unwavering support of Nexus, her faithful ServiceAccount, to overcome the challenges they face. Together, they unravel the secrets of the anomaly, pushing the boundaries of science and rewriting the laws of the universe.

In this captivating tale of exploration, discovery, and the power of technology, the ServiceAccount becomes more than just a tool for authentication and authorization. It becomes a trusted companion, a partner in the quest for knowledge, and a symbol of the potential that lies within the human spirit.

As the story concludes, Dr. Nova and Nexus stand at the precipice of a new era, armed with the knowledge and power to shape the destiny of the universe. And it all began with the humble ServiceAccount, a key component in the grand tapestry of Kubernetes, enabling humanity to reach for the stars and unlock the secrets of the cosmos.


