Day 25/40 - Kubernetes Service Account - RBAC Continued
About this video
### Summary of the Video on Kubernetes Service Accounts:

1. **Introduction to Service Accounts**:
   - This is video 25 in the CKA 2024 series, focusing on Kubernetes service accounts.
   - Service accounts are essential for Kubernetes and cloud environments, used by applications and bots rather than humans.
2. **Types of Users in Kubernetes**:
   - **Human Users**: Individuals who log in for administrative or operational tasks.
   - **Service Accounts**: Non-human users (automation users/bot users) used by applications like Jenkins, Prometheus, and Datadog for executing tasks programmatically.
3. **Default Service Accounts**:
   - Each namespace has a default service account created automatically.
   - Recent Kubernetes versions (post-1.22/1.24) no longer create default secrets or tokens with the service account.
4. **Creating a Service Account**:
   - Command: `kubectl create serviceaccount <name>`
   - Example: Created a service account named `BuildSA` in the default namespace.
5. **Long-Lived API Tokens**:
   - Can be created for service accounts using YAML configurations.
   - Example: Created a secret named `build-robot-secret` of type `kubernetes.io/service-account-token`.
6. **Image Pull Secrets**:
   - Used to pull images from private repositories securely.
   - Command: `kubectl create secret docker-registry <name> --docker-server=<server> --docker-username=<username> --docker-password=<password>`
7. **Assigning Permissions to Service Accounts**:
   - Service accounts require roles and role bindings for permissions.
   - Example: Created a role `build-role` with verbs `list`, `get`, and `watch` for resource `pods`.
   - Role binding command: `kubectl create rolebinding <name> --role=<role> --serviceaccount=<namespace>:<name>`
8. **Accessing Pods with Service Accounts**:
   - Default service account details are mounted in pods at `/var/run/secrets/kubernetes.io/serviceaccount`.
   - Includes files: `token`, `namespace`, and `ca.crt`.
9. **Practical Demonstration**:
   - Demonstrated creating a service account, assigning permissions, and accessing pod information using the service account.
   - Showed how to delete a service account: `kubectl delete serviceaccount <name>`.
10. **Best Practices**:
    - Use service accounts for programmatic interactions instead of human users for security and automation purposes.
    - Mount secrets as volumes rather than injecting them directly into pods for secure access.
11. **Hands-On Task**:
    - Encouraged viewers to complete a task in the GitHub repository related to image pull secrets and service accounts.
    - Highlighted its importance for upcoming projects and CKA exam preparation.
12. **Community Engagement**:
    - Requested likes, comments, and shares to support the video.
    - Invited questions and feedback via comments or Discord server.
13. **Conclusion**:
    - Summarized key points about service accounts and their usage in Kubernetes.
    - Thanked viewers and encouraged sharing the learning opportunity with others.

This comprehensive summary captures the main points and practical demonstrations covered in the video.
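The objects from items 4, 5 and 7 written as one manifest, added here as an example and not taken from the video or its repository. The service account name `build-sa` and the binding name `build-rolebinding` are assumptions (Kubernetes object names must be lowercase); `build-robot-secret` and `build-role` are the names given in the summary.

```yaml
# Added example. build-sa and build-rolebinding are assumed names.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: build-sa
  namespace: default
---
# Long-lived token. The type plus the annotation naming an existing service
# account make the control plane populate token, ca.crt and namespace.
# The token does not expire on its own; deleting this Secret revokes it.
# Where a short-lived token is enough: kubectl create token build-sa
apiVersion: v1
kind: Secret
metadata:
  name: build-robot-secret
  namespace: default
  annotations:
    kubernetes.io/service-account.name: build-sa
type: kubernetes.io/service-account-token
---
# Read-only access to pods in this namespace only.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: build-role
  namespace: default
rules:
  - apiGroups: [""]          # core API group, where pods live
    resources: ["pods"]
    verbs: ["get", "list", "watch"]
---
# Grants build-role to the service account (not to a human user).
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: build-rolebinding
  namespace: default
subjects:
  - kind: ServiceAccount
    name: build-sa
    namespace: default
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: build-role
```

After `kubectl apply -f`, the binding can be checked without using the token by impersonating the account: `kubectl auth can-i list pods --as=system:serviceaccount:default:build-sa`, and the same with a verb outside the role, such as `delete`.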
Course: Certified Kubernetes Administrator Full Course For beginners | CKA 2025
This playlist contains the complete CKA series for beginners, based on the latest 2025 curriculum. It includes 40+ videos with hands-on demos, assignments, and exam-based scenarios. We will cover everything from the basics to advanced topics, including fundamental concepts such as Docker, containers, Docker storage and networking, and DNS.