Kubernetes Cookbook

by Sébastien Goasguen, Michael Hausenblas
February 2018
Intermediate to advanced
192 pages
3h 27m
English
O'Reilly Media, Inc.
Content preview from Kubernetes Cookbook

Chapter 10. Security

Running applications in Kubernetes comes with a shared responsibility between developers and ops folks to ensure that attack vectors are minimized, least-privilege principles are followed, and access to resources is clearly defined. In this chapter, we will present recipes that you can, and should, use to make sure your cluster and apps run securely. The recipes in this chapter cover:

  • The role and usage of service accounts

  • Role-Based Access Control (RBAC)

  • Defining a pod’s security context

10.1 Providing a Unique Identity for an Application

Problem

You want to provide an application with a unique identity in order to control access to resources on a fine-grained level.

Solution

Create a service account and use it in a pod specification.

To begin, create a new service account called myappsa and have a closer look at it:

$ kubectl create serviceaccount myappsa
serviceaccount "myappsa" created

$ kubectl describe sa myappsa
Name:           myappsa
Namespace:      default
Labels:         <none>
Annotations:    <none>

Image pull secrets:     <none>

Mountable secrets:      myappsa-token-rr6jc

Tokens:                 myappsa-token-rr6jc

$ kubectl describe secret myappsa-token-rr6jc
Name:           myappsa-token-rr6jc
Namespace:      default
Labels:         <none>
Annotations:    kubernetes.io/service-account.name=myappsa
                kubernetes.io/service-account.uid=0baa3df5-c474-11e7-8f08...

Type:   kubernetes.io/service-account-token

Data
====
ca.crt:         1066 bytes
namespace:      7 bytes
token:          eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9 ...

You can use ...
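The pod side of this recipe, as an added example that is not from the book: it goes beyond the preview by binding myappsa to a narrowly scoped Role, so the identity maps to exactly the permissions the app needs. The Role and RoleBinding names, the container image, and the pod name are assumptions; the namespace matches the describe output above.

```yaml
# Added example (not from the book). The service account myappsa already
# exists from `kubectl create serviceaccount myappsa`.
# Least privilege: only get/list pods in this namespace, nothing cluster-wide.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pod-reader          # assumed name
  namespace: default
rules:
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["get", "list"]
---
# Grant that Role to the myappsa identity only; no other subject is bound.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: myappsa-pod-reader  # assumed name
  namespace: default
subjects:
  - kind: ServiceAccount
    name: myappsa
    namespace: default
roleRef:
  kind: Role
  name: pod-reader
  apiGroup: rbac.authorization.k8s.io
---
# Run the application as myappsa. Its token is mounted at
# /var/run/secrets/kubernetes.io/serviceaccount/token and every API request
# made with it is authenticated as system:serviceaccount:default:myappsa.
apiVersion: v1
kind: Pod
metadata:
  name: myapp               # assumed name
  namespace: default
spec:
  serviceAccountName: myappsa
  automountServiceAccountToken: true   # set false for pods that never call the API
  containers:
    - name: app
      image: bitnami/kubectl           # assumed image; kubectl picks up the in-cluster token
      args: ["get", "pods"]            # allowed by pod-reader; anything else is denied
```

Before deploying, confirm the binding does what you intend with `kubectl auth can-i list pods --as=system:serviceaccount:default:myappsa` (expect yes) and `kubectl auth can-i delete pods --as=system:serviceaccount:default:myappsa` (expect no).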

Publisher Resources

ISBN: 9781491979679