Service accounts

WebLogic Kubernetes Operator ServiceAccounts

When the operator is installed, the Helm chart property, serviceAccount, can be specified where the value contains the name of the Kubernetes ServiceAccount in the namespace in which the operator will be installed.

The operator will use this service account when calling the Kubernetes API server and the appropriate access controls will be created for this ServiceAccount by the operator’s Helm chart.

To display the service account used by the operator, where the operator was installed using the Helm release name weblogic-operator, look for the serviceAccount value using the Helm command:

$ helm get values --all weblogic-operator

If the operator’s service account cannot have the privileges to access the cluster-level resources, such as CustomResourceDefinitions, Namespaces, and PersistentVolumes, then consider using the same dedicated namespace for each operator and the domains that each operator manages. See the Dedicated option for the domainNamespaceSelectionStrategy setting.

Additional reading