This section describes how to manage service accounts.

A service account is a special account provided by KubeSphere for applications. Applications inside or outside the cluster can use service accounts to access the API server of the KubeSphere system.

The differences between a service account and a user account are:

  • A service account cannot be authenticated using a username and password; it can only be authenticated via tokens.

  • A service account cannot log in to the KubeSphere web console through a browser.

You can create service accounts and control their permissions by assigning project roles to them, enabling service accounts to access specific resources and perform specific operations. The system automatically creates a service account named default in each project. When a pod is created, if no service account is specified, the pod will be assigned the default service account in the project.