Service Account

k create sa dashboard-sa

Tokens are automatically mounted in /var/run/secrets/kubernetes.io/serviceaccount/ in pods.

# To create a short lived token, not a persistent secret
k create token default
# Old persistent token object
k create secret

Custom default SA

spec.template.spec.serviceAccountName: custom-sa

A secret:

kubectl apply -f - <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: default-token-manual
  namespace: default
  annotations:
    kubernetes.io/service-account.name: default
type: kubernetes.io/service-account-token
EOF