Create a Service Account for Kubernetes


On this page

To authenticate to your Kubernetes cluster, create a service account in the desired namespace, and assign the cluster admin role to it.

To create a custom ClusterRole and associate it with a service account, see Role-Based Access Control (RBAC) for Kubernetes.


  1. To create the service account, run the create command on the kubectl command line tool.

    For example, run the following command:

    kubectl create serviceaccount cvbackup -n namespace


    • cvbackup is the name of the service account

    • namespace is the name of the namespace where the service account is created

  2. To ensure that the service account has sufficient privileges to perform data protection operations, run the following command to add the service account to the default-sa-crb cluster role binding.

    kubectl create clusterrolebinding default-sa-crb --clusterrole=cluster-admin --serviceaccount=namespace:cvbackup
  3. Run the following command to extract the service account token.

    You will enter the token in the Kubernetes guided setup.

    kubectl describe secret -n namespace $(kubectl get secret -n namespace -o jsonpath="{.items[?(@.metadata.annotations['kubernetes\.io/service-account\.name']=='cvbackup')]}")

    For OpenShift, run the following command:

    oc sa get-token cvbackup -n namespace