Differences Between ServiceAccount and KubeConfig

**Table 1** Differences between Kubernetes authentication and authorization modes
Authentication Credential	Component	Difference
ServiceAccount	Resilience-Controller HCCL-Controller Ascend Device Plugin NodeD	The token file of the ServiceAccount is mounted to the physical machine in plaintext, which may be exposed.
KubeConfig file	Resilience-Controller HCCL-Controller Ascend Device Plugin NodeD	After being imported using the encryption tool provided by cluster scheduling components, the data is written into disks in ciphertext. The tool does not provide the decryption and export functions, ensuring high security. If the ServiceAccount is configured and the KubeConfig file is imported, the latter has a higher priority.

Volcano uses the ServiceAccount for Kubernetes authentication, which is the default open source configuration. The scheduling plug-in provided by the cluster scheduling component cannot be modified.

Parent topic: References