Differences Between ServiceAccount and KubeConfig

Table 1 Differences between Kubernetes authentication modes

| Authentication Credential | Component | Difference |
|---|---|---|
| ServiceAccount | Ascend Operator, Ascend Device Plugin, NodeD, Volcano, ClusterD | The ServiceAccount token file is mounted to the physical machine in plaintext and may therefore be exposed. |
| Imported KubeConfig file | Resilience Controller | After the file is imported using the encryption tool provided by the cluster scheduling components, its data is written to disk as ciphertext. The tool provides no decryption or export function, so the imported credential cannot be read back through it. If a ServiceAccount is configured and a KubeConfig file is also imported, the KubeConfig file takes priority. |
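To see what the plaintext ServiceAccount exposure in Table 1 looks like on a node, the following added example (not code from the cluster scheduling components) inventories token files and reports their file mode, identity and expiry without printing the token itself. It assumes the kubelet default root directory `/var/lib/kubelet` and its `pods/<uid>/volumes/kubernetes.io~*/<volume>/token` layout; the function names and the sample token are constructed for illustration.

```python
import base64, json, stat, tempfile
from pathlib import Path

# Assumption: kubelet default root directory; change it if --root-dir is set.
KUBELET_PODS = Path("/var/lib/kubelet/pods")

def jwt_claims(token):
    """Decode (without verifying) a JWT payload; return {} if it is not a JWT."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        return {}
    try:
        padded = parts[1] + "=" * (-len(parts[1]) % 4)
        claims = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return {}
    return claims if isinstance(claims, dict) else {}

def audit_tokens(pods_dir=KUBELET_PODS):
    """List ServiceAccount token files under pods_dir; token values are never returned."""
    findings = []
    for path in sorted(pods_dir.glob("*/volumes/kubernetes.io~*/*/token")):
        try:
            mode = stat.S_IMODE(path.stat().st_mode)  # follows kubelet's ..data symlink
            claims = jwt_claims(path.read_text())
        except (OSError, ValueError):
            continue
        findings.append({
            "path": str(path), "mode": oct(mode),
            "other_readable": bool(mode & stat.S_IROTH),
            "subject": claims.get("sub"), "expires": claims.get("exp"),
        })
    return findings

def make_sample(root):
    """Constructed sample: one fake pod holding an unsigned, made-up token."""
    claims = {"sub": "system:serviceaccount:demo-ns:demo-sa", "exp": 1900000000}
    body = base64.urlsafe_b64encode(json.dumps(claims).encode()).rstrip(b"=").decode()
    vol = root / "pod-uid-0001/volumes/kubernetes.io~projected/kube-api-access-demo"
    vol.mkdir(parents=True)
    (vol / "token").write_text(f"e30.{body}.c2ln")
    (vol / "token").chmod(0o644)
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for finding in audit_tokens(make_sample(Path(tmp))):
            print(finding)
```

On a real node, call `audit_tokens()` with no argument as a user allowed to read the kubelet directory; any entry with `other_readable` set, or with a far-future `expires`, is worth reviewing.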