Creating a Service Account for Kubernetes Authentication

You can create a Kubernetes service account for authentication to your Kubernetes cluster.

The Kubernetes service account that is used to access Kubernetes must have the cluster admin role assigned.


  1. To create a Kubernetes service account (for example, cvbackup), use the kubectl command line tool.

    kubectl create serviceaccount cvbackup

  2. To ensure that the service account has sufficient privileges to perform data protection operations, add the service account to the default-sa-crb cluster role binding.

    kubectl create clusterrolebinding default-sa-crb --clusterrole=cluster-admin --serviceaccount=default:cvbackup

  3. Extract the service account token required to configure your Kubernetes cluster for data protection.

    kubectl get secrets -o jsonpath="{.items[?(@.metadata.annotations['kubernetes\.io/service-account\.name']=='cvbackup')].data.token}"|base64 --decode

  4. Use the Kubernetes service account cvbackup, and the token obtained in step 2, for service account authentication to your Kubernetes cluster.

Last modified: 3/10/2021 12:50:35 PM