Bootstrap FreeKB - OpenShift - Create Service Accounts
OpenShift - Create Service Accounts

Updated:   |  OpenShift articles

If you are not familiar with the oc command, refer to OpenShift - Getting Started with the oc command.

By default, a Service Account will not be assigned to a Role Binding or a Cluster Role Binding or a Security Context Constraint (SCC). Typically, Service Accounts are used to:

The oc create serviceaccount (or oc create sa) command can be used to create a Service Account.

~]$ oc create serviceaccount my-service-account
serviceaccount/my-service-account created


Or, a JSON or YAML file can be used.For example, let's say you have a YAML file that contains the following markup.

apiVersion: v1
kind: ServiceAccount
  name: my-service-account
  namespace: default


The oc apply or oc create command with the -f or --filename option can be used to create the pod using the template JSON or YAML file.

The oc replace command can be used to replace a pod using a new or updated template JSON or YAML file.

The oc edit command can be used to update a pods template YAML file.

~]$ oc create -f serviceaccount.yml 
serviceaccount/my-service-account created


The oc get serviceaccounts (or just oc get sa) command can be used to list the Service Accounts that have been created in the current project / namespace.

~]$ oc get serviceaccounts
NAME                  SECRETS   AGE
default               2         388d
my-servie-account     2         112s


The oc describe serviceaccount command can be used to show more details of a specific Service Account.

~]$ oc describe serviceaccount my-service-account
Name:                my-service-account
Namespace:           default
Labels:              <none>
Annotations:         <none>
Image pull secrets:  my-service-account-dockercfg-57b6r
Mountable secrets:   my-service-account-token-sfrpr
Tokens:              my-service-account-token-6x45k
Events:              <none>


If the purpose of the Service Account is to have an account that has certain permissions (such as view or cluster-admin), then you will want to Add or Remove a Role Binding from a User Group or Service Account.

~]$ oc adm policy add-cluster-role-to-user basic-user -z my-service-account added: "my-service-account"


If the purpose of the Service Account is to set the Security Context Constraint for pods in the project, then you will want to Add a Security Context Constraint to a User or Group or Service Account.

~]$ oc adm policy add-scc-to-user restricted -z my-service-account added: "my-service-account"


Did you find this article helpful?

If so, consider buying me a coffee over at Buy Me A Coffee


Add a Comment

Please enter e0806b in the box below so that we can be sure you are a human.