Kubernetes Java API: Authorization without KubeConfig File

Essentially, I want an explanation of how the following works exactly:

There are tons of examples of authenticating by using a Kube config file, but I did not find a single complete explanation of how the ClientBuilder.defaultClient() method is supposed to work.

The status quo is that my application is using this ClientBuilder.defaultClient() and it seems to work. But now I want to overhaul the related Helm Chart, which contains the related ServiceAccount, etc. Somehow it works, but I do not understand how exactly.

What I want to know precisely:

  • What resources does the ClientBuilder.defaultClient() need, if it is initialized from within a Deployment’s Pod?
  • Does it need a ServiceAccount? If yes, how does it need to look? How does the ClientBuilder.defaultClient() know which ServiceAccount is the right one? Is assigning the ServiceAccount to the Pod enough?
  • Does the Deployment’s Pod need a ClusterRole?
  • Does the Deployment’s Pod need a ClusterRoleBinding?

As far as my research regarding this topic goes, there is almost no information available at all regarding this specific feature. Everything just talks about Kubeconfig files. Therefore, I need to know exactly how the ClientBuilder.defaultClient() works, to be able to modify the related resources without breaking the Deployment and its administrative position in the cluster.