
In order to manage the resources inside a Kubernetes cluster, you will need to have the right permissions. This course will demonstrate how to use Kubernetes role-based access control (RBAC) to create roles and bind them to both user and service accounts.

If you have any comments or feedback, feel free to reach out to us at:

Learning Objectives

  • Create Kubernetes service and user accounts
  • Grant permissions to accounts to modify Kubernetes resources
  • Access GCP resources from your GKE cluster

Intended Audience

  • Engineers who want to deploy applications on a Kubernetes cluster
  • People who want to get GCP certified (e.g., Professional Cloud Developer)


Prerequisites

  • Basic understanding of Kubernetes
  • Experience building and deploying containers
  • Complete the “GKE Services and Network Policies Course”

So at this point, you should have a better understanding of how to secure access to your Kubernetes cluster using accounts. Let's do a quick recap of everything that was covered. First, I covered Kubernetes service accounts, which provide an identity for pods. Service accounts are namespaced, and managed inside of Kubernetes.

Next, I covered Kubernetes user accounts, which provide an identity for users. These are global and managed inside of Google Cloud. The two types of user accounts are Google Accounts and Google Cloud service accounts. You can grant permissions to both service and user accounts by using role-based access control, or RBAC.

Finally, I showed you how to set up Google Workload Identity to grant access from your GKE cluster to other resources in your Google Cloud account. This links the permissions from a Google Service Account to one of your Kubernetes service accounts. Well, that's all I have for you today. Remember to give this course a rating, and if you have any questions or comments, please let us know. Thanks for watching and make sure to check out our many other courses at Cloud Academy.

About the Author

Daniel began his career as a Software Engineer, focusing mostly on web and mobile development. After twenty years of dealing with insufficient training and fragmented documentation, he decided to use his extensive experience to help the next generation of engineers.

Daniel has spent his most recent years designing and running technical classes for both Amazon and Microsoft. Today at Cloud Academy, he is working on building out an extensive Google Cloud training library.

When he isn’t working or tinkering in his home lab, Daniel enjoys BBQing, target shooting, and watching classic movies.