Use of default service account in namespace

Are there guidelines for when it is and isn’t wise to use the default service account in a namespace? says:

… the infamous default service accounts, which you shouldn’t be using …

Yet I have found no other articles or documentation warning against the use of the default service account in namespaces. (In contrast to using the default namespace and its service account, which clearly is not a good choice).

Given that a namespace’s default service account is unique to that namespace, what are the risks associated with using the default service account?

We are inclined to use the default service account in cases where a namespace has only one or a few pods that are closely related and we don’t anticipate using multiple service accounts. In cases where multiple service accounts are expected within a namespace, we would not use the default service account (it would be awkward to use the default account + other custom named accounts, but workable).


Hello, paulsti
We used an SA to give permissions to the process running inside the Pod’s containers to communicate with the apiserver. In some cases, we don’t want to interact with the other process or permissions issues. You can create your own custom SA as per use cases. For that you can use RBAC.
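
An added example, not part of either post above: a Python check for the exposure the question asks about, namely that any role bound to a namespace's `default` service account is inherited by every pod in that namespace that does not set `serviceAccountName`. The pod and RoleBinding objects are constructed sample data shaped like Kubernetes API objects, and the function names are hypothetical.

```python
# Constructed sample objects (shape follows the Kubernetes API; values are made up).
PODS = [
    {"metadata": {"name": "web", "namespace": "shop"}, "spec": {}},
    {"metadata": {"name": "worker", "namespace": "shop"},
     "spec": {"serviceAccountName": "worker-sa"}},
    {"metadata": {"name": "batch", "namespace": "shop"},
     "spec": {"serviceAccountName": "default", "automountServiceAccountToken": False}},
]
ROLE_BINDINGS = [
    {"metadata": {"name": "read-secrets", "namespace": "shop"},
     "roleRef": {"kind": "Role", "name": "secret-reader"},
     "subjects": [{"kind": "ServiceAccount", "name": "default", "namespace": "shop"}]},
    {"metadata": {"name": "worker-queue", "namespace": "shop"},
     "roleRef": {"kind": "Role", "name": "queue-consumer"},
     "subjects": [{"kind": "ServiceAccount", "name": "worker-sa", "namespace": "shop"}]},
]


def bindings_for_default(bindings, namespace):
    """Role names granted to the 'default' ServiceAccount of `namespace`."""
    # Group subjects that implicitly include every service account, 'default' too.
    groups = {"system:serviceaccounts", f"system:serviceaccounts:{namespace}"}
    roles = []
    for rb in bindings:
        for s in rb.get("subjects") or []:
            direct = (s.get("kind") == "ServiceAccount" and s.get("name") == "default"
                      and s.get("namespace") == namespace)
            via_group = s.get("kind") == "Group" and s.get("name") in groups
            if direct or via_group:
                roles.append(rb["roleRef"]["name"])
                break
    return roles


def exposed_pods(pods, bindings):
    """Pods that run as 'default', mount its token, and so inherit its roles."""
    findings = []
    for pod in pods:
        spec, ns = pod["spec"], pod["metadata"]["namespace"]
        sa = spec.get("serviceAccountName") or "default"  # unset means 'default'
        # Simplification: only the pod-level automount setting is checked here.
        if sa != "default" or spec.get("automountServiceAccountToken") is False:
            continue
        roles = bindings_for_default(bindings, ns)
        if roles:
            findings.append((ns, pod["metadata"]["name"], roles))
    return findings


if __name__ == "__main__":
    for ns, name, roles in exposed_pods(PODS, ROLE_BINDINGS):
        print(f"{ns}/{name} runs as 'default' and inherits: {', '.join(roles)}")
```

In the sample data only `web` is reported: `worker` uses its own account and `batch` does not mount the token.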