Flag "--serviceaccount" in "kubectl run" is deprecated

dmsheiko

In documentation
https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#run
I can see that there is a flag --serviceaccount, which sets service account in the pod.

However, when I try to use it in 1.31 I get error: unknown flag: --serviceaccount
When I try to use it in 1.23 I get warning: Flag --serviceaccount has been deprecated, has no effect and will be removed in 1.24.

This means that when I want to start new pod with given service account I can't do this with just one command as before. I have to create file (k run ... --dry-run=client -o yaml), modify it by adding "serviceAccountName" field and then create pod from the file.

But why? What is the reason to make this task more complicated?

chrispokorni

Hi @dmsheiko,

You are correct, the --serviceaccount flag is no longer supported, but the alternative solution you suggest sounds a bit complicated, yet not impossible.

However, after a minimal amount of digging around and researching, one may find a more elegant approach that simply involves the --overrides flag of the run command.

The flag can be used as follows:
--overrides='{ "spec": { "serviceAccountName": "my-service-account" } }'

It accepts either "serviceAccountName" or "serviceAccount".

Regards,
-Chris

dmsheiko

Thank you Chris for one more and more elegant approach.
I still wonder why the kubernetes developers decided to remove this feature. Was it abused? Or is it potentially dangerous?