Service Accounts

Shows how to create/manage Grafana Service Accounts.

To find all possible configuration options, look at our API documentation.

apiVersion: grafana.integreatly.org/v1beta1
kind: GrafanaServiceAccount
metadata:
  name: mysa
spec:
  name: "my-service-account"
  role: "Admin"
  isDisabled: false
  instanceName: "grafana"
  tokens:
    - name: "my-token-a"
      secretName: thatsfine
      expires: 2029-12-31T14:00:00+02:00
    - name: "my-token-b"

Which should result in the following secrets:

apiVersion: v1
kind: Secret
metadata:
  # labels/annotations/... Omitted for brevity
  name: thatsfine
  namespace: default
data:
  token: Z2xzYV9GdXllSHk3V2Y0MjExbFNIRkpReTRPczljMnFtaUZZVl9iZDliYzk5YQ==
---
apiVersion: v1
kind: Secret
metadata:
  # labels/annotations/... Omitted for brevity
  generateName: grafana-my-service-account-my-token-b-
  name: grafana-my-service-account-my-token-b-4v9mh
  namespace: default
data:
  token: Z2xzYV9sMXlwaFI3NkdXcWVzV3R5QWEzR1NQTGpjNXhoZGJSUl82NjM5NzQxMQ==

Last modified October 13, 2025: generate rbac for operator running in different namespace (#2221) (117dd83)