Orka Cluster: Manage Service Accounts
(Admin-only) How to manage service accounts in your Orka cluster.
Service accounts are intended for use with CI/CD integrations. They don't require username/password credentials to log in and let CI/CD integrations bypass the browser login. The tokens for service accounts also have an extended duration of 1 year.
Administrators can manage service accounts only from the Orka cluster.
Administrators can manage users and other administrators only from the Customer Portal. See Customer Portal: Manage Users.
Before you begin
Create a service account
You can create a service account with access to the orka-default namespace or to another custom namespace. You can later add the service account to additional role bindings for other namespaces.
Run the following CLI command, or send the equivalent API request that follows it:
orka3 sa create <SERVICE_ACCOUNT_NAME> [--namespace <TARGET_NAMESPACE>]
If <TARGET_NAMESPACE> is not provided, Orka creates the service account in the 'orka-default' namespace.
curl -X 'POST' \
'http://<ORKA_API_IP>/api/v1/namespaces/<TARGET_NAMESPACE>/serviceaccounts/<SERVICE_ACCOUNT_NAME>' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
-d ''
Obtain a service account token
To use a service account, you need to obtain a token for it. Service account tokens have a lifetime of 1 year.
Run the following CLI command, or send the equivalent API request that follows it:
orka3 serviceaccount token <SERVICE_ACCOUNT>
curl -X 'POST' \
'http://<ORKA_API_IP>/api/v1/namespaces/<TARGET_NAMESPACE>/serviceaccounts/<SERVICE_ACCOUNT_NAME>/token' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
-H 'Content-Type: application/json' \
-d '{
}'
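Because a token stays valid for 1 year, a CI/CD secret store can end up holding one that is close to expiry. The check below is an added example, not part of the Orka documentation: it assumes the token is a JWT with a numeric "exp" claim (an assumption to confirm against your own token), and the function names, the ORKA_SA_TOKEN variable and the sample token are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Orka's own code). Assumption: the service account
# token is a JWT whose payload carries a numeric "exp" claim.

# Decode the payload (second dot-separated segment) of a JWT.
jwt_payload() (
  seg=$(printf '%s' "$1" | cut -d. -f2 | tr '_-' '/+')
  # base64url strips padding; restore it so base64 -d accepts the input
  case $(( ${#seg} % 4 )) in
    2) seg="${seg}==" ;;
    3) seg="${seg}=" ;;
  esac
  printf '%s' "$seg" | base64 -d 2>/dev/null
)

# Print the "exp" claim in Unix seconds; fail if it cannot be found.
jwt_exp() (
  exp=$(jwt_payload "$1" | tr -d ' \n' |
        sed -n 's/.*"exp":\([0-9][0-9]*\).*/\1/p')
  [ -n "$exp" ] || exit 1
  printf '%s\n' "$exp"
)

# days_left TOKEN [NOW]: whole days until expiry (NOW defaults to the clock).
days_left() (
  exp=$(jwt_exp "$1") || exit 2
  now=${2:-$(date +%s)}
  echo $(( (exp - now) / 86400 ))
)

# check_token TOKEN MIN_DAYS [NOW]
# Returns 0 if at least MIN_DAYS remain, 1 if fewer remain (or the token
# has expired), 2 if the token could not be parsed.
check_token() (
  exp=$(jwt_exp "$1") || exit 2
  now=${3:-$(date +%s)}
  [ $(( exp - now )) -ge $(( $2 * 86400 )) ] || exit 1
)

# Constructed, unsigned sample token for demonstration only;
# exp = 1767225600 (2026-01-01T00:00:00Z).
sample_token() (
  b64url() { base64 | tr -d '=\n' | tr '/+' '_-'; }
  printf '%s.%s.sig' "$(printf '{"alg":"none"}' | b64url)" \
    "$(printf '{"sub":"ci-bot","exp":1767225600}' | b64url)"
)

# Pipeline usage (ORKA_SA_TOKEN is a hypothetical secret variable):
#   check_token "$ORKA_SA_TOKEN" 30 || echo "rotate the service account token"
```

The script only reads the expiry claim and does not verify the token's signature, so it is a hygiene check for stored secrets rather than a validity check.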
Delete a service account
You can delete a service account that you no longer need or whose access you want to revoke. This operation invalidates all authentication tokens issued for the respective service account.
Run the following CLI command, or send the equivalent API request that follows it:
orka3 sa delete <SERVICE_ACCOUNT_NAME> [--namespace <TARGET_NAMESPACE>]
If <TARGET_NAMESPACE> is not provided, Orka tries to delete the service account from the 'orka-default' namespace.
curl -X 'DELETE' \
'http://<ORKA_API_IP>/api/v1/namespaces/<TARGET_NAMESPACE>/serviceaccounts/<SERVICE_ACCOUNT_NAME>' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <TOKEN>'