Skip to main content

Kubernetes Service Account Token

  • yaml/json setting: kubernetes_service_account_token / kubernetes_service_account_token_file
  • Type: string or relative file location containing a Kubernetes bearer token
  • Optional
  • Example: eyJ0eXAiOiJKV1QiLCJhbGciOiJ... or /var/run/secrets/kubernetes.io/serviceaccount/token

Use this token to authenticate requests to a Kubernetes API server.

Pomerium will impersonate the Pomerium user's identity, and Kubernetes RBAC can be applied to IdP user and groups.