I want to run 2 containers in a pod (sidecar pattern), Of which one of the container must be running with restricted access. In K8s service account is common for all containers in the pod, is it possible to run a sidecar with a different service account or with no service account?
I just asked the same question for init container in the slack group. The answer was a no.
Although, one user had the idea of manually mounting a SA token into the initcontainer or sidecar in your case and disabling automounting of SA.