Support for service accounts in user related fields/flags/headers is under documented

**This is a Feature Request**

How service accounts are identified in:

- The `SubjectAccessReview` API `User` field
- The `AdmissionReview` APIs `UserInfo` field
- The `ImpersonateUser` header
- `kubectl --as `

..is under documented. 

In all cases, service accounts can be referenced via `system:serviceaccount:{service account username}:{service account name}`.

https://kubernetes.io/docs/reference/access-authn-authz/authentication/ is the best documentation I could fine. It points out that Service accounts authenticate with the username `system:serviceaccount:(NAMESPACE):(SERVICEACCOUNT)`. But it took me quite a while to find this, and it still wasn't obvious that user fields all accept 

- https://kubernetes.io/docs/concepts/security/service-accounts/
- https://kubernetes.io/docs/reference/access-authn-authz/authorization/ (has one example of --as which helps signficantly)


**What would you like to be added**

All API "user" fields/flags/headers also somehow document that service accounts are supported.

**Why is this needed**

It takes way to long to figure out what is supported by use fields/flags/headers without this documentation. I ended up figuring it out mostly by searching the public web and by trying things out on a cluster.

**Comments**

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Support for service accounts in user related fields/flags/headers is under documented #39720

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Support for service accounts in user related fields/flags/headers is under documented #39720

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions