# Headless authentication with service accounts

## `zli v. 6.14.3`

### New

* **Service accounts.** Beginning with `zli v. 6.14.3` and `bzero v. 7.3.0`, BastionZero supports headless authentication via service accounts. Generic, Google, and Microsoft service accounts are all supported. You can learn more about service accounts on [docs.bastionzero.com](https://docs.bastionzero.com/docs/admin-guide/authentication/service-accounts-management)
* **Connect to multiple Kubernetes targets.** The `zli` supports simultaneous connections to multiple Kubernetes targets and can also connect to the same target if the `targetUser` (Kubernetes role) is distinct from other running Kube connections on the same machine.\\

  <div data-gb-custom-block data-tag="hint" data-style="warning" class="hint hint-warning"><p><strong>IMPORTANT</strong><br><mark style="color:purple;"><strong><code>zli v. 6.14.3</code></strong></mark>** introduces a change to the context name used when connecting to a Kubernetes cluster secured by BastionZero.**<br><br><strong>></strong> <strong><code>Bzero-context</code></strong> is <em>no longer used</em> to connect to your cluster. Instead, all contexts follow a format that includes both the <code>targetUser</code> (Kubernetes role) and <code>targetName</code> (cluster name): <mark style="color:purple;"><code>bzero-{targetUser}@{targetName}</code></mark><br><strong>></strong> Each Kubernetes connection creates an additional context entry following the same <code>bzero-</code> format mentioned above<br><strong>></strong> <code>zli generate kubeConfig</code> is <em>no longer required</em> before connecting to a Kubernetes target. Simply run <code>zli connect {targetUser}@{targetName}</code>, and the <code>zli</code> will update your <code>kubeconfig</code> to a new context entry to connect to your target<br><strong>></strong> Before upgrading, adjust any tooling that relies on the former context name, <code>bzero-context</code></p></div>

{% hint style="info" %}

## Some quick how-to's

* To view open Kubernetes connections, use `zli list-connections -t kube` or `zli lc` to see what Kubernetes connections exist.
* To display a list of your Kube connections and their corresponding context name, use `zli list-daemons kube` or `zli ld kube`.
* To close a Kubernetes connection, use `zli close <connection-id>` for a specific connection or `zli close -t kube` to close all Kubernetes connections.
* To disconnect from the Kubernetes daemon, use `zli disconnect kube`.
* To set a specific port when connecting, use --customPort. A free port to use for the Kube daemon is decided at connection time instead of being loaded from the config.
* To set a default namespace when using `zli connect`, use the `--namespace` flag. This `namespace` is used as a default when using `kubectl` and other clients that respect the `kubeconfig` namespace field.

Find more information on connecting to your Kubernetes clusters with BastionZero in our [docs](https://docs.bastionzero.com/docs/user-guide/connecting-to-your-targets#kubernetes-clusters).
{% endhint %}

### Fixes

* **`zli send-logs`.** Resolved issue so `zli send-logs` sends `zli` logs when no daemon logs exist

## `bzero v. 7.3.0`

{% hint style="info" %}
**IMPORTANT REMINDER**

For those who use Helm to install the Kubernetes `bzero` agent, you must update the Helm repository to chart version `>= 1.1.3` before doing a fresh install of the `bzero` agent. You can do this with <mark style="color:purple;">`helm repo update`</mark>.

This action updates the `bctl-agent` role to include permissions for retrieving logs from pods within the deployed namespace for the `zli send-logs` feature. **Even if you do not intend to use `send-logs`, you must be using chart version `>= 1.1.3` for any new Helm installations to be compatible with the new backend changes. We strongly recommend everyone who uses Helm takes this action.**
{% endhint %}

### New

* **Service accounts.** To use service accounts, you must be running a minimum of `zli v. 6.14.3` and `bzero v. 7.3.0`. <mark style="color:purple;">**Older versions of bzero do not support the service account feature**</mark>

## Web app & backend

### New

* **Service accounts.** Event logs, policy, and user management have been updated to include service accounts

### Fixes

* **Last login.** Resolved issue with login records that caused intermittent issues with the onboarding tool\\

For questions or to give us feedback on how we can make our updates better, reach out to [<mark style="color:purple;">product@bastionzero.com</mark>](mailto:product@bastionzero.com).


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://changes.bastionzero.com/2022/readme-1-1-1.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.