Day 37: MASTER Kubernetes Service Accounts & Authentication | CKA Course 2025
Day 37: MASTER Kubernetes Service Accounts & Authentication | CKA Course 2025
👉 GitHub Repository: https://github.com/CloudWithVarJosh/CKA-Certification-Course-2025
👉 CKA 2025 Playlist: https://youtube.com/playlist?list=PLmPit9IIdzwRjqD-l_sZBDdPlcSfKqpAt&si=1JNRkoNa75AOJx0o
📚 Welcome to Day 37!
In this lecture, we dive deep into Kubernetes Service Accounts and Authentication, a core part of how internal workloads authenticate to the API server.
We start with an overview of Kubernetes authentication mechanisms, then focus on ServiceAccounts — what they are, how they work, and how they’re used by pods. This is especially critical for securing non-human interactions like CI/CD pipelines or controllers talking to the cluster.
You’ll learn about default service accounts, token types, projected tokens, and how to properly authenticate Jenkins using a short-lived token with the TokenRequest API. Everything is explained with practical demos and real-world use cases.
📝 What We’ll Cover:
✅ Authentication flow in Kubernetes
✅ Why ServiceAccounts exist and how pods use them
✅ Auto-mounting behavior and how to disable it
✅ Long-lived vs short-lived tokens
✅ Projected tokens and the TokenRequest API
✅ Creating and binding a ServiceAccount for Jenkins
✅ Demo: Secure Jenkins integration using TokenRequest
💡 By the end of this lecture:
You’ll have complete clarity on how workloads authenticate inside Kubernetes, how to manage service accounts securely, and how to transition away from deprecated token methods.
🔗 Stay Connected:
👉 LinkedIn: https://linkedin.com/in/varun-joshi-2b516752
👉 GitHub: https://github.com/CloudWithVarJosh
💬 Got questions? Drop them in the comments — I’ll reply ASAP!
🔥 Don’t forget to like, share, and subscribe to stay updated with the CKA 2025 series!
⏰ Timestamps:
00:00:00 Introduction
00:00:39 Understanding Authentication in Kubernetes
00:18:53 Cluster Access: Who Authenticates and How?
00:20:22 Service Accounts Deep Dive
00:27:43 Inspecting Default Service Accounts via CLI
00:36:26 How Pods Authenticate Using Service Accounts
00:39:34 Service Account Tokens: Legacy vs Projected
00:48:37 Service Accounts for Automation: Internal vs External Use
00:58:23 Demo: Create and Secure Jenkins Service Account
01:11:12 Outro & Next Steps
🔖 Hashtags:
#Kubernetes #CKA #CloudWithVarJosh #KubernetesRBAC #RBAC #RoleBinding #ClusterRole #CKACourse #CKA2025 #CKAExam #DevOps #KubernetesSecurity #KubernetesAccess #ClusterSecurity #ServiceAccounts #KubernetesAuthorization #KubernetesRoles #AuthorizationFlow #CKALecture #KubernetesTraining #SecureClusters
Видео Day 37: MASTER Kubernetes Service Accounts & Authentication | CKA Course 2025 канала Cloud With VarJosh
👉 GitHub Repository: https://github.com/CloudWithVarJosh/CKA-Certification-Course-2025
👉 CKA 2025 Playlist: https://youtube.com/playlist?list=PLmPit9IIdzwRjqD-l_sZBDdPlcSfKqpAt&si=1JNRkoNa75AOJx0o
📚 Welcome to Day 37!
In this lecture, we dive deep into Kubernetes Service Accounts and Authentication, a core part of how internal workloads authenticate to the API server.
We start with an overview of Kubernetes authentication mechanisms, then focus on ServiceAccounts — what they are, how they work, and how they’re used by pods. This is especially critical for securing non-human interactions like CI/CD pipelines or controllers talking to the cluster.
You’ll learn about default service accounts, token types, projected tokens, and how to properly authenticate Jenkins using a short-lived token with the TokenRequest API. Everything is explained with practical demos and real-world use cases.
📝 What We’ll Cover:
✅ Authentication flow in Kubernetes
✅ Why ServiceAccounts exist and how pods use them
✅ Auto-mounting behavior and how to disable it
✅ Long-lived vs short-lived tokens
✅ Projected tokens and the TokenRequest API
✅ Creating and binding a ServiceAccount for Jenkins
✅ Demo: Secure Jenkins integration using TokenRequest
💡 By the end of this lecture:
You’ll have complete clarity on how workloads authenticate inside Kubernetes, how to manage service accounts securely, and how to transition away from deprecated token methods.
🔗 Stay Connected:
👉 LinkedIn: https://linkedin.com/in/varun-joshi-2b516752
👉 GitHub: https://github.com/CloudWithVarJosh
💬 Got questions? Drop them in the comments — I’ll reply ASAP!
🔥 Don’t forget to like, share, and subscribe to stay updated with the CKA 2025 series!
⏰ Timestamps:
00:00:00 Introduction
00:00:39 Understanding Authentication in Kubernetes
00:18:53 Cluster Access: Who Authenticates and How?
00:20:22 Service Accounts Deep Dive
00:27:43 Inspecting Default Service Accounts via CLI
00:36:26 How Pods Authenticate Using Service Accounts
00:39:34 Service Account Tokens: Legacy vs Projected
00:48:37 Service Accounts for Automation: Internal vs External Use
00:58:23 Demo: Create and Secure Jenkins Service Account
01:11:12 Outro & Next Steps
🔖 Hashtags:
#Kubernetes #CKA #CloudWithVarJosh #KubernetesRBAC #RBAC #RoleBinding #ClusterRole #CKACourse #CKA2025 #CKAExam #DevOps #KubernetesSecurity #KubernetesAccess #ClusterSecurity #ServiceAccounts #KubernetesAuthorization #KubernetesRoles #AuthorizationFlow #CKALecture #KubernetesTraining #SecureClusters
Видео Day 37: MASTER Kubernetes Service Accounts & Authentication | CKA Course 2025 канала Cloud With VarJosh
Kubernetes CKA CloudWithVarJosh CKACourse ServiceAccounts KubernetesAuthentication ProjectedTokens TokenRequestAPI KubernetesRBAC RBAC RoleBinding ClusterRole ClusterRoleBinding KubernetesSecurity KubernetesAuthorization KubernetesAccessControl KubernetesAdmin KubernetesTutorial KubernetesMasterclass DevOps CloudComputing SecureClusters ClusterSecurity APIserver Kubeconfig ClusterAccess Namespaces
Комментарии отсутствуют
Информация о видео
1 июня 2025 г. 13:50:05
01:11:45
Другие видео канала
