Skip to main content

Kubernetes Service Account Token

Summary

Kubernetes Service Account Token authenticates requests to a Kubernetes API server.

Pomerium will impersonate the Pomerium user's identity, and Kubernetes RBAC can be applied to identity provider users and groups.

How to configure

Set the Kubernetes Service Account Token under General route settings in the Console:

Set k8s service account token in the Console

Examples

kubernetes_service_account_token: eyJ0eXAiOiJKV1QiLCJhbGciOiJ...

kubernetes_service_account_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token