# Kubernetes 服务账户 {% hint style="success" %} 对应的[官方文档地址](https://bitwarden.com/help/kubernetes-service-accounts/) {% endhint %} Kubernetes 服务账户可用于将特定的安全上下文应用到特定的 Pod。例如,在您需要以无根模式运行 BitWarden 服务器的场景中,这非常有用,因为包含的 SQL 容器需要提升权限。 > **\[译者注]**:Pod,是 Kubernetes 的基本调度单位。一个 Pod 里面通常运行一个或多个容器,这些容器共享网络、存储卷、运行上下文等。可以理解为「容器组」。 您创建并配置了具有所需权限的服务账户后,请更改 `my-values.yaml` 文件中的任何 Pod 服务账户名称(例如,`database.podServiceAccount`)。例如,为 `component.admin.podServiceAccount` 分配了名为 `bitwarden-sa` 服务账户的 `my-values.yaml` 文件应如下所示: ```yml component: # The Admin component admin: # Additional deployment labels labels: {} # Image name, tag, and pull policy image: name: ghcr.io/bitwarden/admin resources: requests: memory: "64Mi" cpu: "50m" limits: memory: "128Mi" cpu: "100m" securityContext: podServiceAccount: bitwarden-sa ``` 符合服务账户指定资格的 Pod 包括: * `component.admin.podServiceAccount` * `component.api.podServiceAccount` * `component.attachments.podServiceAccount` * `component.events.podServiceAccount` * `component.icons.podServiceAccount` * `component.identity.podServiceAccount` * `component.notifications.podServiceAccount` * `component.scim.podServiceAccount` * `component.sso.podServiceAccount` * `component.web.podServiceAccount` * `database.podServiceAccount` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://help.ppgg.in/docs/self-hosting/deploy-and-configure/configuration-options/kubernetes-service-accounts.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.