[HELP] Service account related question -- CKAD

[ncoderslab]

what I have to do there? As per the instruction we have to update only the deployment, not the role.

[santhu-msciflex]

I found another SA in the hagfish namespace and configured this SA as serviceAccountName: for the pod in deployment. If I remember correctly, Pod was running without error. Question says to resolve the error.

[ncoderslab]

@santhu-msciflex question is not clear to me, we can solve the issue in a different way, simplest is to remove the default SA and if there is any other one then use that or create one role with deployment list capabilities and bind with the default SA, but I think your solutions that they want, that is why they ask to edit the deployment. If we create a new role and bind the role with default SA then we don't need to edit the deployment, maybe we need to redeploy it to take the effect of the role changes.

[maggnus]

Replace default account name with the SA from the rolebindings
k get rolebindings -ojsonpath='{.subjects[0].name}'

[sachin-kansal]

while i was creating a job i faced the same issue, i had secret of type token, role and rolebinding but i forgot to mount the token in my job check is serviceAccountAutomountToken is set to true in the deployment config.
assuming the role, rolebinding, secret and SA are correctly configured and only change need to be made in the deployment.