Pod references a service account that does not exist
Production Risk
Pod creation fails entirely; deployment rollouts are blocked.
ServiceAccountNotFound occurs when a pod spec references a serviceAccountName that does not exist in the pod's namespace. The pod will not be created; the API server rejects it. Service accounts must exist before pods that reference them are created, making ordering important in deployment pipelines.
- 1serviceAccountName in the pod spec refers to a non-existent service account
- 2Service account was in a different namespace than the pod
- 3Service account was deleted while pods still reference it
- 4Helm chart or manifest applied in the wrong order — SA resource not yet created
Pod creation is rejected by the API server with a service account not found error.
kubectl apply -f pod.yaml # Error from server (BadRequest): error when creating "pod.yaml": # Pod "mypod" is invalid: spec.serviceAccountName: not found kubectl get serviceaccounts -n mynamespace
expected output
Error from server (BadRequest): ...Pod "mypod" is invalid: spec.serviceAccountName: not found
Fix 1
Create the missing service account
WHEN Service account does not exist in the namespace
kubectl create serviceaccount my-service-account -n mynamespace # Or with a YAML manifest apiVersion: v1 kind: ServiceAccount metadata: name: my-service-account namespace: mynamespace
Why this works
Creates the service account object so the pod spec reference can be resolved.
Fix 2
Verify service account is in the correct namespace
WHEN Service account may exist but in a different namespace
kubectl get serviceaccounts --all-namespaces | grep my-service-account
Why this works
Service accounts are namespace-scoped; a pod can only reference an SA in its own namespace.
Kubernetes Documentation
Content generated with AI assistance and reviewed for accuracy. Found an error? hello@errcodes.dev