K
Q

How to check ServiceAccount to Namespace mapping in Kubernetes?

3/14/2019

Let's say I have a service account bound to a read-only role in some namespace ns1.

How can I get this token/user/ServiceAccount to namespace mapping, just by using kubectl or using REST calls to the API server? Put simply, I want to answer this question - Which namespace does this ServiceAccount belong to?

If I use the token bound to this service account to make REST API calls to get namespaces, it gives me a 403 Forbidden. I can be the admin and list all namespaces however, I cannot figure out the mapping in the question. Thanks!

-- not_again_stackoverflow
kubectl
kubernetes
kubernetes-apiserver

Similar Questions

Is there a deploy mode 'global' in Kubernetes?
What is the difference between gcloud app deploy and kubectl expose deployment?
How to connect to cloud sql from containered application in gcloud?
How to create mysql container with initial data in kubernetes?
minikube ip returns 127.0.0.1 | Kubernetes NodePort service not accessable
Kubernetes: How to take a thread dump of an app
K8S MySql configmap - Read-only file system
Need to upgrade AKS version from 1.14.8 to 1.15.10. Not sure if the Nodes will reboot with this or not

1 Answer

3/14/2019

If you have the service account name:

$ kubectl get serviceaccount <service-account-name> -o jsonpath='{.metadata.namespace}'
-- Amityo
Source: StackOverflow