Roxana:
Hi, how can we change the serviceAccount for a deployment? It can’t be changed directly with the edit pod command
Dhawan Shringi:
From what I understand you should be able to edit deployment, which will allow you to edit the pod spec in the deployment and that way you can add the serviceAccount to the pod definition.
Apaar Sharma:
No, you cannot change the service account in a pod, you’ll have to delete and recreate. you can in a deployment though. as any changes to the deployment triggers a new rollout.
Roxana:
thanks, it worked, I updated it in the deployment
Fernando Jimenez:
That’s the great thing about a deployment, the pod is immutable, it can not be changed without having to create another one, but you place it in a deployment and you can edit there and the deployment will terminate those pods previously managed by it and recreate a new set.
unnivkn:
use imperative command instead of edit. try this: k create sa john
k create deployment my-deploy --image=nginx --replicas=2
k set sa deploy my-deploy john
controlplane $ k describe deployments.apps my-deploy | grep -i account
Service Account: john
controlplane $
controlplane $ k describe po my-deploy-6d97845bc8- | grep -i account
/var/run/secrets/kubernetes.io/serviceaccount from john-token-nr2j2 (ro)
/var/run/secrets/kubernetes.io/serviceaccount from john-token-nr2j2 (ro)
controlplane $