Rohit:
Hello,
Can someone please help on how create a new sa in the existing namespace, but which must not have access to any secrets?
Sathish Puranik:
Create SA then create a role and rolebinding to deny access to secrets.
Ted:
newly created sa’s don’t have access to secrets
also look into `
automountServiceAccountToken: false
Sathish Puranik:
Deny I mean you can just attach rolebinding with restrict to list pods or some sort access without secret access.
Ted:
you cannot do restictions in RBAC rules