In K8s, a service account is an account used by container processes within Pods to authenticate with the K8s API. If your Pods need to communicate with the K8s API, you can use service accounts to control their access.

Creating ServiceAccounts

Relevant Documentation: Configure Service Accounts for Pods, Using RBAC Authorization

  1. Create a basic ServiceAccount using the YAML file my-serviceaccount.yml:

apiVersion: v1
kind: ServiceAccount
metadata:
  name: my-serviceaccount

Save the above content in the my-serviceaccount.yml file.

To create the ServiceAccount, run the following command:

kubectl create -f my-serviceaccount.yml

  2. Create a ServiceAccount with an imperative command:

kubectl create sa my-serviceaccount2 -n default

  3. View your ServiceAccount:

kubectl get sa

  4. Attach a Role to the ServiceAccount with a RoleBinding. The binding grants nothing until a Role named pod-reader exists in the default namespace. Create a YAML file sa-pod-reader.yml with the following content:

apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: sa-pod-reader
  namespace: default
subjects:
- kind: ServiceAccount
  name: my-serviceaccount
  namespace: default
roleRef:
  kind: Role
  name: pod-reader
  apiGroup: rbac.authorization.k8s.io

  5. To create the RoleBinding, run the following command:

kubectl create -f sa-pod-reader.yml

  6. Get additional information for the ServiceAccount:

kubectl describe sa my-serviceaccount
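
The RoleBinding above refers to a Role named pod-reader that this page does not define, and no Pod here uses the ServiceAccount yet. The manifest below is an added example, not part of the original page, that supplies both. The Role's read-only rules, the Pod name sa-demo-pod and the busybox image are assumptions.

```yaml
# Added example: values marked "assumed" do not appear on the original page.
# The Role that sa-pod-reader binds to. The page names it but does not show it;
# these read-only rules are an assumption about what "pod-reader" should allow.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pod-reader
  namespace: default          # a RoleBinding can only reference a Role in its own namespace
rules:
- apiGroups: [""]             # "" is the core API group, where Pods live
  resources: ["pods"]
  verbs: ["get", "list", "watch"]   # read-only: no create, update or delete
---
# A Pod that runs as my-serviceaccount, so its API requests are authorized
# through the RoleBinding instead of the namespace's "default" ServiceAccount.
apiVersion: v1
kind: Pod
metadata:
  name: sa-demo-pod           # assumed name
  namespace: default
spec:
  serviceAccountName: my-serviceaccount
  automountServiceAccountToken: true   # set to false for Pods that never call the API
  containers:
  - name: main
    image: busybox:1.36       # assumed image
    command: ["sleep", "3600"]
# To check what the ServiceAccount may do without starting the Pod, impersonate it.
# The Role above covers the first request (list) and not the second (delete):
#   kubectl auth can-i list pods -n default \
#     --as=system:serviceaccount:default:my-serviceaccount
#   kubectl auth can-i delete pods -n default \
#     --as=system:serviceaccount:default:my-serviceaccount
```

Impersonating with --as requires that your own user holds the impersonate permission, which cluster administrators normally have.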