Version: 6.4.1

Kubernetes Service Accounts

This page provides information on configuring service accounts within Kubernetes.

Service accounts are used in Kubernetes to associate permissions with processes running in pods. Kubernetes service accounts can be configured to have different levels of access.

In Cortex Fabric service are used accounts to associate credentials (ImagePullSecrets) with the default service account (as described in Post Deployment step 4) to allow pulling images from authenticated Docker Registries (DockerHub, Quay, jFrog, etc.).

Other Types of Service Accounts

To avoid confusion it is important to note that there are two types of service accounts at play in cloud-based systems running Kubernetes.

Kubernetes service accounts (described above)
Identity and Access Management (IAM) service accounts that are specific to your cloud provider.

The following cloud provider features are used to link IAM and Kubernetes service accounts:

AWS uses IRSA
GCP uses Workload Identities
Azure currently does not provide an equivalent feature.

How Service Accounts are Used in Cortex

Service Accounts flow

#Other Types of Service Accounts

#How Service Accounts are Used in Cortex

Other Types of Service Accounts

How Service Accounts are Used in Cortex