0Pricing
Kubernetes Basics · Lesson

Service Accounts and Workload Identity

Learn how Service Accounts give Pods their own identity, how their tokens work, and how to grant them least-privilege access.

Identity for Workloads

Users authenticate to Kubernetes, but Pods need an identity too, so they can talk to the API server safely. That identity is a Service Account.

What Is a Service Account?

A ServiceAccount is a namespaced object that represents the identity of a workload. Every Pod runs under one, defaulting to default if you do not specify.

apiVersion: v1
kind: ServiceAccount
metadata:
  name: report-generator
  namespace: analytics

All lessons in this course

  1. Role-Based Access Control (RBAC)
  2. Network Policies for Isolation
  3. Pod Security Standards
  4. Service Accounts and Workload Identity
← Back to Kubernetes Basics