If you are not familiar with the oc command, refer to OpenShift - Getting Started with the oc command.
By default, a Service Account will not be assign a Role Binding or a Cluster Role Binding or a Security Context Constraint (SCC). Typically, Service Accounts are associated with a Security Context Constraint (SCC) and then one or more deployments are configured have the Service Account to control certain things that the deployment is and is not allowed to do. Check out my article Run a deployment with a Service Account and Security Context Constraint.
The oc create serviceaccount (or oc create sa) command can be used to create a Service Account.
~]$ oc create serviceaccount my-service-account serviceaccount/my-service-account created
Or, a JSON or YAML file that contains key value pairs used to create an object, such as a config map, deployment, a project, a pod, a route, a secret, a service, et cetera. These files are known as templates. The oc explain command can be used to get the list of keys that can be used in the JSON or YAML template file.
oc explain serviceaccount
And then more details on each key can be displayed.
oc explain serviceaccount.metadata
For example, let's say you have a YAML file named serviceaccount.yml that contains the following markup.
apiVersion: v1 kind: ServiceAccount metadata: name: my-service-account
The oc apply or oc create command with the -f or --filename option can be used to create the pod using the template JSON or YAML file.
The oc replace command can be used to replace a pod using a new or updated template JSON or YAML file.
The oc edit command can be used to update a pods template YAML file.
~]$ oc create -f serviceaccount.yml serviceaccount/my-service-account created
The oc get serviceaccounts (or just oc get sa) command can be used to list the Service Accounts that have been created in the current project / namespace.
~]$ oc get serviceaccounts NAME SECRETS AGE default 2 388d my-servie-account 2 112s
The oc describe serviceaccount command can be used to show more details of a specific Service Account.
~]$ oc describe serviceaccount my-service-account Name: my-service-account Namespace: default Labels: <none> Annotations: <none> Image pull secrets: my-service-account-dockercfg-57b6r Mountable secrets: my-service-account-token-sfrpr my-service-account-dockercfg-57b6r Tokens: my-service-account-token-6x45k my-service-account-token-sfrpr Events: <none>