Use of default service account in namespace

paulsti · August 17, 2020, 7:35pm

Are there guidelines for when it is and isn’t wise to use the default service account in a namespace?

On defaults in Kubernetes RBAC - DEV Community says:

… the infamous default service accounts, which you shouldn’t be using …

Yet I have found no other articles or documentation warning against the use of the default service account in namespaces. (In contrast to using the default namespace and its service account, which clearly is not a good choice).

Given that a namespace’s default service account is unique to that namespace, what are the risks associated with using the default service account?

We are inclined to use the default service account in cases where a namespace has only one or a few pods that are closely related and we don’t anticipate using multiple service accounts. In cases where multiple service accounts are expected within a namespace, we would not use the default service account (it would be awkward to use the default account + other custom named accounts, but workable)

Thanks!

tej-singh-rana · August 21, 2020, 10:25am

Hello, paulsti
We used sa to give permissions to the process running inside the Pod container’s to communicate with the apiserver. In some cases, we don’t want to interact with the other process or permissions issues. You can create your own custom sa as per use cases. For that you can use RBAC.

Topic		Replies	Views
Service Account Access control General Discussions	0	433	October 24, 2019
Does restricting the access based on service account is really secured General Discussions	5	1233	November 13, 2019
Why are the secret content of the default serveraccount are mounted inside the pod? General Discussions	0	427	September 24, 2021
Restrict specific service account in a namespace General Discussions	1	1276	February 24, 2021
Kubernetes RBAC microk8s	0	354	March 29, 2021

Use of default service account in namespace

Related Topics