Skip to content
Branch: master
Find file History
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
..
Failed to load latest commit information.
README.md
main.tf
outputs.tf
variables.tf

README.md

K8S ServiceAccount Module

This Terraform Module manages Kubernetes ServiceAccounts. This module can be used to declaratively create and update ServiceAccounts and the bound permissions that it has.

How do you use this module?

What is a ServiceAccount?

ServiceAccounts are authenticated entities to the Kubernetes API that map to container processes in a Pod. This is used to differentiate from User Accounts, which map to actual users consuming the Kubernetes API.

ServiceAccounts are allocated to Pods at creation time, and automatically authenticated when calling out to the Kubernetes API from within the Pod. This has several advantages:

  • You don't need to share and configure secrets for the Kubernetes API client.
  • You can restrict permissions on the service to only those that it needs.
  • You can differentiate a service accessing the API and performing actions from users accessing the API.

Use ServiceAccounts whenever you need to grant access to the Kubernetes API to Pods deployed on the cluster.

Why is this a Terraform Module and not a Helm Chart?

This module uses Terraform to manage the ServiceAccount resource instead of using Helm to support the use case of setting up Helm. When setting up the Helm server, you will want to setup a Namespace and ServiceAccount for the Helm server to be deployed with. This leads to a chicken and egg problem, where the Namespace and ServiceAccount needs to be created before Helm is available for use. As such, we rely on Terraform to set these core resources up.

You can’t perform that action at this time.