Kubernetes Service Account Token
Summary
Kubernetes Service Account Token authenticates requests to a Kubernetes API server.
Pomerium will impersonate the Pomerium user's identity, and Kubernetes RBAC can be applied to identity provider users and groups.
How to configure
- Enterprise
- Kubernetes
Set the Kubernetes Service Account Token under General route settings in the Console:
YAML/JSON settings | Type | Usage |
---|---|---|
kubernetes_service_account_token | string | optional |
kubernetes_service_account_token_file | bearer token file path | optional |
Examples
kubernetes_service_account_token: eyJ0eXAiOiJKV1QiLCJhbGciOiJ...
kubernetes_service_account_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token