OpenShift - Create Service Accounts

If you are not familiar with the oc command, refer to OpenShift - Getting Started with the oc command.

By default, a Service Account will not be assigned a Role Binding, a Cluster Role Binding, or a Security Context Constraint (SCC). Typically, a Service Account is associated with a Security Context Constraint (SCC), and then one or more deployments are configured to use the Service Account to control what the deployment is and is not allowed to do. Check out my article Run a deployment with a Service Account and Security Context Constraint.

The oc create serviceaccount (or oc create sa) command can be used to create a Service Account.

~]$ oc create serviceaccount my-service-account
serviceaccount/my-service-account created


Alternatively, a Service Account can be created from a JSON or YAML file that contains the key value pairs used to create an object, such as a config map, a deployment, a project, a pod, a route, a secret, a service, et cetera. These files are known as templates. The oc explain command can be used to get the list of keys that can be used in the JSON or YAML template file.

oc explain serviceaccount


And then more details on each key can be displayed.

oc explain serviceaccount.metadata


For example, let's say you have a YAML file named serviceaccount.yml that contains the following markup.

apiVersion: v1
kind: ServiceAccount
metadata:
  name: my-service-account


The oc apply or oc create command with the -f or --filename option can be used to create the object (in this example, the Service Account) using the template JSON or YAML file.

The oc replace command can be used to replace an object using a new or updated template JSON or YAML file.

The oc edit command can be used to update an object's template YAML file.

~]$ oc create -f serviceaccount.yml 
serviceaccount/my-service-account created


The oc get serviceaccounts (or just oc get sa) command can be used to list the Service Accounts that have been created in the current project / namespace.

~]$ oc get serviceaccounts
NAME                  SECRETS   AGE
default               2         388d
my-service-account    2         112s


The oc describe serviceaccount command can be used to show more details of a specific Service Account.

~]$ oc describe serviceaccount my-service-account
Name:                my-service-account
Namespace:           default
Labels:              <none>
Annotations:         <none>
Image pull secrets:  my-service-account-dockercfg-57b6r
Mountable secrets:   my-service-account-token-sfrpr
Tokens:              my-service-account-token-6x45k
Events:              <none>
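
The following Python check is an added example, not code from the original article. It lists which Role Bindings reach a given Service Account, either directly or through a group, using a constructed sample shaped like the output of oc get rolebindings -o json. The function name bindings_for, the other-sa account and the edit-binding name are assumptions for illustration.

```python
import json

# Constructed sample shaped like `oc get rolebindings -o json` output
# for the "default" project (not real cluster data).
SAMPLE = """
{"kind": "List", "items": [
  {"kind": "RoleBinding",
   "metadata": {"name": "system:image-pullers", "namespace": "default"},
   "roleRef": {"kind": "ClusterRole", "name": "system:image-puller"},
   "subjects": [{"kind": "Group", "name": "system:serviceaccounts:default"}]},
  {"kind": "RoleBinding",
   "metadata": {"name": "edit-binding", "namespace": "default"},
   "roleRef": {"kind": "ClusterRole", "name": "edit"},
   "subjects": [{"kind": "ServiceAccount", "name": "other-sa",
                 "namespace": "default"}]}
]}
"""

def bindings_for(doc, sa_name, sa_namespace):
    """Return (binding, role, how) for every binding that applies to the
    Service Account; how is "direct", "user" or "group"."""
    # Every Service Account token carries these group memberships.
    groups = {"system:serviceaccounts",
              f"system:serviceaccounts:{sa_namespace}",
              "system:authenticated"}
    # A Service Account can also be named as a User subject in this form.
    user = f"system:serviceaccount:{sa_namespace}:{sa_name}"
    found = []
    for item in doc.get("items", []):
        for subject in item.get("subjects") or []:
            kind, name = subject.get("kind"), subject.get("name")
            if (kind == "ServiceAccount" and name == sa_name
                    and subject.get("namespace") == sa_namespace):
                how = "direct"
            elif kind == "User" and name == user:
                how = "user"
            elif kind == "Group" and name in groups:
                how = "group"
            else:
                continue
            found.append((item["metadata"]["name"],
                          item["roleRef"]["name"], how))
            break  # one match per binding is enough
    return found

if __name__ == "__main__":
    for row in bindings_for(json.loads(SAMPLE), "my-service-account", "default"):
        print(*row)
```

An empty result, or only "group" rows, means no Role Binding names the Service Account itself. Run the same check over oc get clusterrolebindings -o json to cover Cluster Role Bindings.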

