diff --git a/internal/deployer/k8s_secret.go b/internal/deployer/k8s_secret.go
index 89789269..70c60d7d 100644
--- a/internal/deployer/k8s_secret.go
+++ b/internal/deployer/k8s_secret.go
@@ -9,6 +9,7 @@ import (
 	corev1 "k8s.io/api/core/v1"
 	k8sMetaV1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/client-go/kubernetes"
+	"k8s.io/client-go/rest"
 	"k8s.io/client-go/tools/clientcmd"
 
 	"github.com/usual2970/certimate/internal/domain"
@@ -118,19 +119,26 @@ func (d *K8sSecretDeployer) Deploy(ctx context.Context) error {
 }
 
 func (d *K8sSecretDeployer) createClient(access *domain.KubernetesAccess) (*kubernetes.Clientset, error) {
-	kubeConfig, err := clientcmd.NewClientConfigFromBytes([]byte(access.KubeConfig))
-	if err != nil {
-		return nil, err
+	var config *rest.Config
+	var err error
+	if access.KubeConfig == "" {
+		config, err = rest.InClusterConfig()
+		if err != nil {
+			return nil, err
+		}
+	} else {
+		kubeConfig, err := clientcmd.NewClientConfigFromBytes([]byte(access.KubeConfig))
+		if err != nil {
+			return nil, err
+		}
+		config, err = kubeConfig.ClientConfig()
+		if err != nil {
+			return nil, err
+		}
 	}
-	config, err := kubeConfig.ClientConfig()
-	if err != nil {
-		return nil, err
-	}
-
 	client, err := kubernetes.NewForConfig(config)
 	if err != nil {
 		return nil, err
 	}
-
 	return client, nil
 }
diff --git a/ui/src/components/certimate/AccessKubernetesForm.tsx b/ui/src/components/certimate/AccessKubernetesForm.tsx
index bb84c89c..23a696a9 100644
--- a/ui/src/components/certimate/AccessKubernetesForm.tsx
+++ b/ui/src/components/certimate/AccessKubernetesForm.tsx
@@ -37,7 +37,7 @@ const AccessKubernetesForm = ({ data, op, onAfterReq }: AccessKubernetesFormProp
     configType: accessTypeFormSchema,
     kubeConfig: z
       .string()
-      .min(1, "access.authorization.form.k8s_kubeconfig.placeholder")
+      .min(0, "access.authorization.form.k8s_kubeconfig.placeholder")
       .max(20480, t("common.errmsg.string_max", { max: 20480 })),
     kubeConfigFile: z.any().optional(),
   });
@@ -191,3 +191,4 @@ const AccessKubernetesForm = ({ data, op, onAfterReq }: AccessKubernetesFormProp
 };
 
 export default AccessKubernetesForm;
+
diff --git a/ui/src/i18n/locales/en/nls.access.json b/ui/src/i18n/locales/en/nls.access.json
index 100b6fbe..cd56f3b9 100644
--- a/ui/src/i18n/locales/en/nls.access.json
+++ b/ui/src/i18n/locales/en/nls.access.json
@@ -69,9 +69,9 @@
   "access.authorization.form.ssh_key_passphrase.placeholder": "Please enter Key Passphrase",
   "access.authorization.form.webhook_url.label": "Webhook URL",
   "access.authorization.form.webhook_url.placeholder": "Please enter Webhook URL",
-  "access.authorization.form.k8s_kubeconfig.label": "KubeConfig",
+  "access.authorization.form.k8s_kubeconfig.label": "KubeConfig (Null will use pod's ServiceAccount)",
   "access.authorization.form.k8s_kubeconfig.placeholder": "Please enter KubeConfig",
-  "access.authorization.form.k8s_kubeconfig_file.placeholder": "Please select file",
+  "access.authorization.form.k8s_kubeconfig_file.placeholder": "Please select file (Null will use pod's ServiceAccount)",
 
   "access.group.tab": "Authorization Group",
 
diff --git a/ui/src/i18n/locales/zh/nls.access.json b/ui/src/i18n/locales/zh/nls.access.json
index 41f761a2..64bfa84a 100644
--- a/ui/src/i18n/locales/zh/nls.access.json
+++ b/ui/src/i18n/locales/zh/nls.access.json
@@ -69,7 +69,7 @@
   "access.authorization.form.ssh_key_passphrase.placeholder": "请输入 Key 口令",
   "access.authorization.form.webhook_url.label": "Webhook URL",
   "access.authorization.form.webhook_url.placeholder": "请输入 Webhook URL",
-  "access.authorization.form.k8s_kubeconfig.label": "KubeConfig",
+  "access.authorization.form.k8s_kubeconfig.label": "KubeConfig(不选将使用Pod的ServiceAccount)",
   "access.authorization.form.k8s_kubeconfig.placeholder": "请输入 KubeConfig",
   "access.authorization.form.k8s_kubeconfig_file.placeholder": "请选择文件",