Create a Service Account for Kubernetes


To authenticate to your Kubernetes cluster, create a service account in the desired namespace, and assign the cluster admin role to it.


  1. To create the service account, run the create command on the kubectl command line tool.

    For example, run the following command:

    kubectl create serviceaccount cvbackup -n namespace


    • cvbackup is the name of the service account

    • namespace is the name of the namespace where the service account is created

  2. To ensure that the service account has sufficient privileges to perform data protection operations, run the following command to add the service account to the default-sa-crb cluster role binding.

    kubectl create clusterrolebinding default-sa-crb --clusterrole=cluster-admin --serviceaccount=namespace:cvbackup
  3. Run the following command to extract the service account token required to configure your Kubernetes cluster for data protection.

    kubectl get secrets -n namespace -o jsonpath="{.items[?(@.metadata.annotations['kubernetes\.io/service-account\.name']=='cvbackup')].data.token}"|base64 --decode

What to Do Next

Use the Kubernetes service account cvbackup, and the token obtained in step 2, for service account authentication to your Kubernetes cluster.