Skip to main content


Source: base/pkg/kusion_models/kube/frontend/serviceaccount/service_account.k

Schema ServiceAccount

A service account provides an identity for processes that run in a Pod.
ServiceAccount binds together:
- a name, understood by users, and perhaps by peripheral systems, for an identity
- a principal that can be authenticated and authorized
- a set of secrets
More info:\#ServiceAccount

Base Schema



Name and DescriptionTypeDefault ValueRequired
ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images in pods that reference this ServiceAccount.
More info:\#specifying-imagepullsecrets-on-a-pod
secrets: [{str:str}], default is Undefined, optional.
Secrets is the list of secrets allowed to be used by pods running using this ServiceAccount.
More info:
[{str: str}]Undefinedoptional
secrets[{str: str}]Undefinedoptional


my_service_account = ServiceAccount {
name: "my-service-account"
namespace = "my-service-account-namespace"
labels: {
tier: "monitoring"
imagePullSecrets: [
name: "my-secret"
secrets: [
name: "my-secret"