Kubernetes Tips : How Service Account operates

Mr DevOps 🐳 ☸ ☁️ 🌐
1 min readNov 1, 2023

One common query that frequently arises, particularly in DevOps settings, is whether the Kubernetes service account possesses the necessary permissions.

You may have a service account allocated to pods by your team or a platform team.

It’s crucial to understand the extent of a service account’s access for activities such as pod deletion, namespace listing, or deployment removal.

Here’s a simple method to perform this check: utilize the “kubectl auth can-i” command.

For example, if you want to determine whether the “api-service-account” in the “devops-tools” namespace can delete deployments, open your terminal and input the following command:

kubectl auth can-i delete deployments - as=system:serviceaccount:devops-tools:api-service-account

Upon pressing Enter, you will receive one of two responses:

✅ Yes -> This indicates that your service account has the necessary permissions to delete deployments.

❌ No -> This signifies that the permissions are lacking.

Looking for more tips like this?

Check Out DevOps Tips in :

Website : https://devopstreet.com

Linkedin: https://www.linkedin.com/company/devopstreet

--

--

No responses yet