0

I'm going to have an unknown number of users access my K8s (specifically OpenShift if that helps) cluster. Each user will have their own random namespace. So I do not know the namespaces in advance as they will be dynamically created. But I want each user to be able to utilize a ServiceAccount that I create ahead of time.

So, if I create a ServiceAccount fooSA in my namespace foo, I'd like to be able to define a deployment that utilizes fooSA from the bar namespace. For example:

myapp.yaml

...
spec:
  serviceAccount: fooSA
...

kubectl apply -f myapp.yaml -n bar

How can I accomplish this?

As ServiceAccounts are namespace scoped I cannot figure out a way to accomplish this.

elatedgoat
  • 11
  • 3
  • Much like credentials in other use cases, you shouldn't be sharing them between your workloads. Use [RBAC](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) instead. – George Aristy Nov 02 '22 at 01:29
  • @elatedgoat Could you please share the status of your issue; If you have resolved your issue please post it so, that other community members can see it. – Abhijith Chitrapu Dec 19 '22 at 11:26

0 Answers0