Skip to main content

Kubernetes Service Account Token

Summary

Kubernetes Service Account Token authenticates requests to a Kubernetes API server.

Pomerium will impersonate the Pomerium user's identity, and Kubernetes RBAC can be applied to identity provider users and groups.

How to configure

Config file keyTypeUsage
kubernetes_service_account_tokenstringoptional
kubernetes_service_account_token_filebearer token file pathoptional

Examples

kubernetes_service_account_token: eyJ0eXAiOiJKV1QiLCJhbGciOiJ...

kubernetes_service_account_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token