I have created a service account SA1 in namespace NS1 and set a full configuration for SA1 (workload identity in GCP). I need to use the service account SA1 in pods from different namespaces. For now I have the pods in namespace NS1 using SA1:
apiVersion: v1
kind: Pod
metadata:
  name: my-pod
  namespace: NS1
spec:
  serviceAccountName: SA1
ServiceAccount is a namespaced resource in Kubernetes, meaning that it can only be referenced from pods deployed in the same namespace.
This is by design: namespaces act as logical containers on which you apply access policies, and a pod in one namespace should not be able to "steal" the service account from another (possibly unrelated) namespace.
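Because the service account is namespaced, the Workload Identity setup has to be repeated per namespace: one Kubernetes service account in each namespace, all annotated with the same Google service account, and one explicit IAM binding per namespace. The script below is an added example, not part of the original question or answer; the project ID, the Google service account e-mail and the lowercase names `sa1`, `ns1`, `ns2`, `ns3` are constructed placeholders. It only prints the manifests and `gcloud` commands for review and executes nothing.

```shell
#!/bin/sh
# Added example: every name below is a constructed placeholder.
PROJECT_ID="my-project"                               # assumption
GSA="sa1-gsa@${PROJECT_ID}.iam.gserviceaccount.com"   # assumption: Google SA behind SA1
KSA="sa1"                                             # Kubernetes names must be lowercase
NAMESPACES="ns1 ns2 ns3"                              # namespaces that need the identity

# Workload Identity principal for the KSA in one namespace.
wi_member() {
  printf 'serviceAccount:%s.svc.id.goog[%s/%s]' "$PROJECT_ID" "$1" "$KSA"
}

# ServiceAccount manifest for one namespace, annotated with the shared GSA.
ksa_manifest() {
  cat <<EOF
apiVersion: v1
kind: ServiceAccount
metadata:
  name: ${KSA}
  namespace: $1
  annotations:
    iam.gke.io/gcp-service-account: ${GSA}
---
EOF
}

# IAM binding that lets exactly this namespace/KSA pair act as the GSA.
binding_cmd() {
  printf 'gcloud iam service-accounts add-iam-policy-binding %s --role roles/iam.workloadIdentityUser --member "%s"\n' \
    "$GSA" "$(wi_member "$1")"
}

# Dry run: print everything for review instead of applying it.
echo "# --- manifests (pipe to: kubectl apply -f -) ---"
for ns in $NAMESPACES; do
  ksa_manifest "$ns"
done
echo "# --- IAM bindings (one per namespace) ---"
for ns in $NAMESPACES; do
  binding_cmd "$ns"
done
```

Each binding names a single namespace/service-account pair, so access can be granted, audited and revoked per namespace; pods in each namespace then set `serviceAccountName` to the service account in their own namespace.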