Ping a Specific Port

Question

Ben Davis

Asked: 2020-08-07 14:44:38 +0800 CST2020-08-07 14:44:38 +0800 CST 2020-08-07 14:44:38 +0800 CST

What permissions does a pod have when accessing the Kubernetes API?

772

The kubernetes documentation states the following under "Accessing the API from within a Pod":

The easiest way to use the Kubernetes API from a Pod is to use one of the official client libraries. These libraries can automatically discover the API server and authenticate.

I have pods running theia-ide, a cloud-based IDE, where each user can access the console for their container. Can they access the Kubernetes API from that container without authenticating?

1 Answers

Voted

Ben Davis · Answer 1 · 2020-08-07T15:09:43+08:00

Best Answer

Ben Davis

2020-08-07T15:09:43+08:002020-08-07T15:09:43+08:00

I found some other documentation that explained things further. Apparently pods get assigned to the default service account, which (as I understand) does not come with any permissions by default. If a pod needs more permissions, you can create a custom service account with its own role bindings, and then assign the pod to use that service account instead of default using the spec.serviceAccountName property.

1

What permissions does a pod have when accessing the Kubernetes API?

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?