6. @omerlh
Kubernetes Service Account
A service account provides an identity for a Pod.
https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
15. @omerlh
Accepted Risks
• Any pod in the same namespace can mount any service account
• Pod impersonation
• Can be solved with admission controller or OPA
• Clear text traffic inside the cluster
• Service account token never expires
16. @omerlh
How do I use it?
• Simply using helm:
helm install soluto/kamus
• Checkout the install guide for secure
installation
• <blog post!>
17. @omerlh
Project Status
• Live in production for the past 6 months
• Improved based on internal feedback
• Fast adoption by developers
• Released as OSS