Add a new external user (or bot) in k8s

What & why

If you need to give access to your cluster to either another human or a given service, you should create a dedicated account for it. This is how to do it. To authenticate, humans can use either the ServiceAccount resource (through a token) or Users (through a key and crt). Bots or non-human things should only use ServiceAccounts.

A word on RBAC

Role Based Access Control (RBAC) is a way of separating users from privileges by introducing roles. Instead of linking users to privileges directly (Jake has read access on the pods), we link users to roles, which have a given set of privileges (Jake is a developer, and the developer role has read access on pods). We can now attach multiple users to a role, and although this adds some complexity in the number of resources, ...

October 3, 2022 · 5 min · 948 words