Skip to content


Use service accounts to provide an identity for pods.

Use an existing ServiceAccount

To reference a service account created outside of your deployment definition, use the following. Note that this does not create a new object, and will therefore not be included in the resulting manifest.

import * as kplus from 'cdk8s-plus-17';

const serviceAccount = kplus.ServiceAccount.fromServiceAccountName('aws-service');

Allowing access to secrets

To create a new service account, and give it access to some secrets, use the following:

import * as kplus from 'cdk8s-plus-17';
import * as k from 'cdk8s';

const app = new k.App();
const chart = new k.Chart(app, 'Chart');

const awsCreds = kplus.Secret.fromSecretName('aws-creds');
const awsService = new kplus.ServiceAccount(chart, 'AWS');

// give access to the aws creds secret.