Restricted Kubernetes Service account

3/12/2020

I want to create a service account which should have 0 access to the k8s API. Is it possible to create such an account? What will be the role definition?

-- BobCoder
kubernetes
rbac

2 Answers

3/12/2020

You could try to define a Role like this:

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: nothing
rules: []

Create it:

kubectl apply -f nothing.yaml

Then bind it to your ServiceAccount:

kubectl create rolebinding nothing --serviceaccount default:my-serviceaccount --role nothing  # --serviceaccount takes <namespace>:<name>; the "default" namespace is assumed here
-- weibeld
Source: StackOverflow

3/12/2020

Kubernetes follows the principle of least privilege. If you create a service account but don't attach any role binding or cluster role binding to it then it will not have any access to Kubernetes API.

-- Arghya Sadhu
Source: StackOverflow
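
Added example, not part of either answer: a small offline audit that resolves which bindings actually apply to a service account, counting the groups every service account implicitly belongs to as well as direct bindings. The sample objects, the `all-sa-read-pods` binding, the `pod-reader` ClusterRole and the function names are constructed for illustration, and RBAC is assumed to be the only authorizer.

```python
import json

# Constructed sample, shaped like the "items" of
# `kubectl get roles,clusterroles,rolebindings,clusterrolebindings -A -o json`.
ITEMS = json.loads("""[
 {"kind":"Role","metadata":{"name":"nothing","namespace":"default"},"rules":[]},
 {"kind":"ClusterRole","metadata":{"name":"pod-reader"},
  "rules":[{"apiGroups":[""],"resources":["pods"],"verbs":["get","list"]}]},
 {"kind":"RoleBinding","metadata":{"name":"nothing","namespace":"default"},
  "roleRef":{"kind":"Role","name":"nothing"},
  "subjects":[{"kind":"ServiceAccount","name":"my-serviceaccount","namespace":"default"}]},
 {"kind":"ClusterRoleBinding","metadata":{"name":"all-sa-read-pods"},
  "roleRef":{"kind":"ClusterRole","name":"pod-reader"},
  "subjects":[{"kind":"Group","name":"system:serviceaccounts"}]}
]""")

def identities(ns, name):
    """Subjects RBAC matches for a service account: itself and its implicit groups."""
    groups = ("system:serviceaccounts", f"system:serviceaccounts:{ns}", "system:authenticated")
    return {("ServiceAccount", ns, name)} | {("Group", None, g) for g in groups}

def effective_grants(items, ns, name):
    """Return [(binding, scope, rules)] for every binding that applies to ns/name."""
    roles = {(i["kind"], i["metadata"].get("namespace"), i["metadata"]["name"]): i.get("rules") or []
             for i in items if i["kind"] in ("Role", "ClusterRole")}
    ids, grants = identities(ns, name), []
    for b in items:
        if b["kind"] not in ("RoleBinding", "ClusterRoleBinding"):
            continue
        b_ns = b["metadata"].get("namespace")  # None for a ClusterRoleBinding
        for s in b.get("subjects") or []:
            s_ns = s.get("namespace") if s["kind"] == "ServiceAccount" else None
            if (s["kind"], s_ns, s["name"]) not in ids:
                continue
            ref = b["roleRef"]
            role_ns = b_ns if ref["kind"] == "Role" else None  # a Role lives in the binding's namespace
            rules = roles.get((ref["kind"], role_ns, ref["name"]), [])
            grants.append((f'{b["kind"]}/{b["metadata"]["name"]}', b_ns or "<cluster-wide>", rules))
            break  # one entry per binding is enough
    return grants

def has_api_access(items, ns, name):
    """True if any applicable binding resolves to at least one rule."""
    return any(rules for _, _, rules in effective_grants(items, ns, name))

if __name__ == "__main__":
    for binding, scope, rules in effective_grants(ITEMS, "default", "my-serviceaccount"):
        print(binding, scope, rules or "no rules")
```

On a live cluster, `kubectl auth can-i --list --as=system:serviceaccount:default:my-serviceaccount` gives the API server's own answer to the same question.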