Kubernetes Service Account Name

This page explains how to use the Kubernetes Service Account Name identifier to uniquely identify workloads deployed on Kubernetes.

Understanding the Kubernetes service account name identifier

In Kubernetes, service accounts provide an identity for processes that run in a pod. You can assign each pod a service account, and the pod uses this account when it interacts with the Kubernetes API or other services.

Using the service account name as an identifier is useful when you want to manage Access Policies tied to the identity of workloads, rather than their namespace or pod name.

Applicable deployment type

Aembit supports the Kubernetes Service Account Name identification method for Edge-based deployments on Kubernetes.

Create a Client Workload with a Kubernetes service account name identifier

To configure a Client Workload with a Kubernetes Service Account Name identifier, follow these steps:

Log into your Aembit Tenant.
Click Client Workloads in the left nav pane.
Click New, revealing the Client Workload pop out menu.
Enter the Name and optional Description for the Client Workload.
Under Client Identification, select Kubernetes Service Account Name.

For Value, enter the name of the Kubernetes Service Account used by the workload.

For example, if your service account is app-sa, enter that in the Value field.

If you don’t know the service account name or how to find it, see Find Kubernetes Service Account Name.
Click Save.

Aembit displays the new Client Workload on the Client Workloads page.

Find Kubernetes service account name

To find the Kubernetes Service Account Name used by a workload, follow these steps:

Use the command: kubectl get serviceaccount -n <namespace>
Locate the service account associated with your workload in the output.
Use the value in the NAME column as the identifier in your Aembit configuration.