OpenShift Serviceaccounts Explained
Introduction
OpenShift security combines Kubernetes RBAC with Security Context Constraints, service accounts, project isolation, and image controls. Troubleshoot security by testing the same identity that runs the workload.
Core Concepts
OpenShift builds on Kubernetes with projects, Routes, ImageStreams, Builds, Operators, SCCs, and integrated platform administration.
Practical Examples
oc get serviceaccount web-sa -n app
oc auth can-i use scc/restricted-v2 --as=system:serviceaccount:app:web-sa -n app
oc get rolebinding -n app
oc describe pod -l app=web -n app
Example output:
NAME SECRETS AGE
web-sa 0 3d
yes
Verification
oc auth can-i get pods -n app --as=developer
oc auth can-i use scc/anyuid --as=system:serviceaccount:app:web-sa -n app
oc get rolebinding -n app
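The checks above can be tied to the identity the pod actually runs as. This added example (not part of the original guide) reads the service account from the pod spec and asks `oc auth can-i` about each SCC as that account. The function names are hypothetical; the project `app`, label `app=web` and SCC names are taken from the commands on this page.

```shell
# Added example, not from the original guide. Function names are hypothetical.
# Project "app", label "app=web" and the SCC names come from the page's commands.

# Impersonation subject for a service account.
sa_subject() {  # usage: sa_subject <namespace> <serviceaccount>
  printf 'system:serviceaccount:%s:%s' "$1" "$2"
}

# Service account named in the spec of the first pod matching a label selector.
pod_service_account() {  # usage: pod_service_account <namespace> <selector>
  oc get pod -n "$1" -l "$2" -o jsonpath='{.items[0].spec.serviceAccountName}'
}

# For each SCC, ask whether the pod's own service account may use it.
# Prints: <subject> TAB <scc> TAB <yes|no|error>. Returns 2 if no pod is found.
check_scc_as_workload() {  # usage: check_scc_as_workload <ns> <selector> <scc>...
  local ns="$1" selector="$2" sa subject scc answer
  shift 2
  sa=$(pod_service_account "$ns" "$selector" 2>/dev/null) || sa=""
  if [ -z "$sa" ]; then
    echo "no pod matches '$selector' in project '$ns'" >&2
    return 2
  fi
  subject=$(sa_subject "$ns" "$sa")
  for scc in "$@"; do
    # can-i exits non-zero on "no", so keep the answer and ignore the status.
    answer=$(oc auth can-i use "scc/$scc" --as="$subject" -n "$ns" 2>/dev/null) || true
    printf '%s\t%s\t%s\n' "$subject" "$scc" "${answer:-error}"
  done
}

# Usage: check_scc_as_workload app app=web restricted-v2 anyuid
```

A `yes` for an SCC the workload does not need, such as `anyuid`, points at a role binding to review with `oc get rolebinding -n app`.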
Common Mistakes
- Looking only at the final error and ignoring events.
- Checking the wrong project with oc.
- Changing several objects at once before confirming the current state.
Quick Checklist
- Confirm the active project.
- Inspect the exact object named in the error.
- Read recent events.
- Apply one focused fix.
- Verify status after the change.
Summary
OpenShift service accounts are best understood through the OpenShift objects involved and the oc commands that verify their current state.