Orka Cluster: Manage Service Accounts
(Admin-only) How to manage service accounts in your Orka cluster.
Service accounts are intended for use with CI/CD integrations. They don't require username/password credentials to log in and let CI/CD integrations bypass the browser login. The tokens for service accounts also have an extended duration of 1 year.
Administrators can manage service accounts only from the Orka cluster.
Administrators can manage users and other administrators only from the Customer Portal. See Customer Portal: Manage Users.
Before you begin
Create a service account
You can create a service account with access to the orka-default
namespace or to another custom namespace. You can later add the service account to additional role bindings for other namespaces.
Run the following command:
orka3 sa create <SERVICE_ACCOUNT_NAME> [--namespace <TARGET_NAMESPACE>]
If <TARGET_NAMESPACE> is not provided, Orka creates the service account
in the 'orka-default' namespace.
curl -X 'POST' \
'http://<ORKA_API_IP>/api/v1/namespaces/<TARGET_NAMESPACE>/serviceaccounts/<SERVICE_ACCOUNT_NAME>' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
-d ''
Obtain a service account token
To use a service account, you need to obtain a token for it. Service account tokens have a lifetime of 1 year.
Run the following command:
orka3 serviceaccount token <SERVICE_ACCOUNT>
curl -X 'POST' \
'http://<ORKA_API_IP>/api/v1/namespaces/<TARGET_NAMESPACE>/serviceaccounts/<SERVICE_ACCOUNT_NAME>/token' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
-H 'Content-Type: application/json' \
-d '{
}'
Delete a service account
You can delete a service account that you no longer need or whose access you want to revoke. This operation invalidates all authentication tokens issued for the respective service account.
Run the following command:
orka3 sa delete <SERVICE_ACCOUNT_NAME> [--namespace <TARGET_NAMESPACE>]
If <TARGET_NAMESPACE> is not provided, Orka tries to delete the service account
from the 'orka-default' namespace.
curl -X 'DELETE' \
'http://<ORKA_API_IP>/api/v1/namespaces/<TARGET_NAMESPACE>/serviceaccounts/<SERVICE_ACCOUNT_NAME>' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <TOKEN>'
See also
Updated about 1 year ago