Skip to main content
(Admin-only) How to manage service accounts in your Orka cluster. Service accounts are intended for use with CI/CD integrations. They don’t require username/password credentials to log in and let CI/CD integrations bypass the browser login. The tokens for service accounts also have an extended duration of 1 year. Administrators can manage service accounts only from the Orka cluster. Administrators can manage users and other administrators only from the Customer Portal. See Customer Portal: Manage Users.

Before you begin

  1. Connect to your cluster via VPN. See here.
  2. Log in as an administrator.

Create a service account

You can create a service account with access to the orka-default namespace or to another custom namespace. You can later add the service account to additional role bindings for other namespaces. Run the following command:

Orka CLI

orka3 sa create <SERVICE_ACCOUNT_NAME> [--namespace <TARGET_NAMESPACE>]  
  
If <TARGET_NAMESPACE> is not provided, Orka creates the service account   
in the 'orka-default' namespace.

Orka API

curl -X 'POST' \  
'http://<ORKA_API_IP>/api/v1/namespaces/<TARGET_NAMESPACE>/serviceaccounts/<SERVICE_ACCOUNT_NAME>' \  
-H 'accept: application/json' \  
-H 'Authorization: Bearer <TOKEN>' \  
-d ''

Obtain a service account token

To use a service account, you need to obtain a token for it. Service account tokens have a lifetime of 1 year. Run the following command:

Orka CLI

orka3 serviceaccount token <SERVICE_ACCOUNT>

Orka API

curl -X 'POST' \  
'http://<ORKA_API_IP>/api/v1/namespaces/<TARGET_NAMESPACE>/serviceaccounts/<SERVICE_ACCOUNT_NAME>/token' \  
-H 'accept: application/json' \  
-H 'Authorization: Bearer <TOKEN>' \  
-H 'Content-Type: application/json' \  
-d '{  
  
}'

Delete a service account

You can delete a service account that you no longer need or whose access you want to revoke. This operation invalidates all authentication tokens issued for the respective service account. Run the following command:

Orka CLI

orka3 sa delete <SERVICE_ACCOUNT_NAME> [--namespace <TARGET_NAMESPACE>]  
  
If <TARGET_NAMESPACE> is not provided, Orka tries to delete the service account   
from the 'orka-default' namespace.

Orka API

curl -X 'DELETE' \  
'http://<ORKA_API_IP>/api/v1/namespaces/<TARGET_NAMESPACE>/serviceaccounts/<SERVICE_ACCOUNT_NAME>' \  
-H 'accept: application/json' \  
-H 'Authorization: Bearer <TOKEN>'