It is being asked to utilize the service account with least privileges (Apply the principle of least privilege and use the service account with the minimum privileges (excluding the default service account)).
We have 4 serviceaccounts in the omni ns:
NAME               SECRETS   AGE
default            1         2m35s
fe                 1         2m35s
frontend           1         2m34s
frontend-default   1         2m34s
Default needs to be excluded as mentioned in the question.
serviceaccount fe is bound to rolebinding fe which has role fe.
root@controlplane:/# kubectl describe role fe -n omni
Name:         fe
Labels:
Annotations:
PolicyRule:
  Resources   Non-Resource URLs  Resource Names  Verbs
  configmaps  []                 []              [create delete]
  secrets     []                 []              [create delete]
serviceaccount frontend is bound to rolebinding frontend which has role frontend.
root@controlplane:/# kubectl describe role frontend -n omni
Name:         frontend
Labels:
Annotations:
PolicyRule:
  Resources  Non-Resource URLs  Resource Names  Verbs
  secrets    []                 []              [create]
How could serviceaccount frontend-default be the one which has the least privileges, as it is not attached to any of the two rolebindings? The least-privilege service account in this case should be the one whose role allows creating secrets only.
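
An added example, not part of the original post: it resolves each service account's RoleBindings to the rules they grant and orders the accounts by how many (resource, verb) pairs they end up with. The JSON is constructed to mirror the roles and bindings quoted above; the function names, the pair-count ranking, and the assumption that no ClusterRoleBindings or group subjects apply are assumptions of this example.

```python
import json

# Constructed sample shaped like `kubectl get roles,rolebindings -n omni -o json`,
# mirroring the two roles and two bindings described in the post.
SAMPLE = json.loads("""
{"items": [
 {"kind": "Role", "metadata": {"name": "fe", "namespace": "omni"},
  "rules": [{"resources": ["configmaps", "secrets"], "verbs": ["create", "delete"]}]},
 {"kind": "Role", "metadata": {"name": "frontend", "namespace": "omni"},
  "rules": [{"resources": ["secrets"], "verbs": ["create"]}]},
 {"kind": "RoleBinding", "metadata": {"name": "fe", "namespace": "omni"},
  "roleRef": {"kind": "Role", "name": "fe"},
  "subjects": [{"kind": "ServiceAccount", "name": "fe", "namespace": "omni"}]},
 {"kind": "RoleBinding", "metadata": {"name": "frontend", "namespace": "omni"},
  "roleRef": {"kind": "Role", "name": "frontend"},
  "subjects": [{"kind": "ServiceAccount", "name": "frontend", "namespace": "omni"}]}
]}
""")
SERVICE_ACCOUNTS = ["default", "fe", "frontend", "frontend-default"]

def effective_permissions(items, namespace, sa_names):
    """Map each service account to the (resource, verb) pairs its RoleBindings grant."""
    roles = {i["metadata"]["name"]: i.get("rules") or [] for i in items
             if i["kind"] == "Role" and i["metadata"]["namespace"] == namespace}
    perms = {name: set() for name in sa_names}  # an unbound account keeps an empty set
    for rb in items:
        if rb["kind"] != "RoleBinding" or rb["metadata"]["namespace"] != namespace:
            continue
        if rb["roleRef"]["kind"] != "Role":
            continue  # ClusterRole references are outside this example's scope
        rules = roles.get(rb["roleRef"]["name"], [])
        for subj in rb.get("subjects") or []:
            if (subj["kind"] == "ServiceAccount" and subj.get("namespace") == namespace
                    and subj["name"] in perms):
                for rule in rules:
                    perms[subj["name"]] |= {(r, v) for r in rule.get("resources", [])
                                            for v in rule.get("verbs", [])}
    return perms

def rank_by_privilege(perms, exclude=("default",)):
    """Service accounts from fewest to most granted pairs, skipping excluded names."""
    return sorted((n for n in perms if n not in exclude),
                  key=lambda n: (len(perms[n]), n))

if __name__ == "__main__":
    perms = effective_permissions(SAMPLE["items"], "omni", SERVICE_ACCOUNTS)
    for name in rank_by_privilege(perms):
        print(f"{name}: {sorted(perms[name])}")
```

On a live cluster, `kubectl auth can-i --list --as=system:serviceaccount:omni:<name> -n omni` shows the same per-account view, including rules that come from cluster-wide bindings.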