ServiceRoleBinding subject specification


What can be used as the value of the user field in the subject specification for a ServiceRoleBinding ?
Is it only service account names?

Thank you,

The user field is checked against the source.principal attribute which is the URI in the SAN field of the peer certificate stripped the “spiffe://” prefix.
Note this requires the authentication policy to be set to enable the mTLS in your cluster.

You can also take a look at this example:

Thank you for the answer. Does that mean that the following two settings are equivalent?

user: cluster.local/ns/default/sa/bookinfo-productpage


- properties:
      source.principal: "cluster.local/ns/default/sa/bookinfo-productpage"

Yes, and note they cannot be used at the same time.