How to view the permissions/roles associated with a specific service account in k8s?


The following command could help. It basically gets the RoleBindings and ClusterRoleBindings whose .subjects[0] is the name of the ServiceAccount.

$ kubectl get rolebinding,clusterrolebinding --all-namespaces -o jsonpath='{range .items[?(@.subjects[0].name=="SERVICE_ACCOUNT_NAME")]}[{.roleRef.kind},{.roleRef.name}]{end}'

Note: it will not list the RoleBindings / ClusterRoleBindings which contain several objects in the subject field.

For instance, if weave-net is deployed as the network plugin, you can get the Role and ClusterRole used by the weave-net ServiceAccount:

$ kubectl get rolebinding,clusterrolebinding --all-namespaces -o jsonpath='{range .items[?(@.subjects[0].name=="weave-net")]}[{.roleRef.kind},{.roleRef.name}]{end}'
[Role,weave-net][ClusterRole,weave-net]

Hope this helps.


kubectl get rolebindings,clusterrolebindings \
  --all-namespaces \
  -o custom-columns='KIND:kind,NAMESPACE:metadata.namespace,NAME:metadata.name,SERVICE_ACCOUNTS:subjects[?(@.kind=="ServiceAccount")].name'

You can try this command to generate a table to show the mapping.


In Kubernetes, a service account is mapped to privileges (cluster level or namespace level) using a ClusterRoleBinding object. You need to look up the RoleBinding or ClusterRoleBinding object and then look up the Role or ClusterRole object to see what privileges it has in the cluster.
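
An added example, not code from any of the answers above: a Python filter over the JSON form of the same kubectl query that checks every entry in subjects (not only subjects[0]) and matches on namespace as well as name. It goes one step further than the answers by also reporting bindings that reach the account through the built-in service-account groups; the function name bindings_for and the sample data (including the role name node-reader) are constructed for illustration.

```python
import json
import sys

# Constructed sample shaped like the output of
# `kubectl get rolebinding,clusterrolebinding --all-namespaces -o json`.
SAMPLE = {"items": [
    {"kind": "RoleBinding", "metadata": {"name": "weave-net", "namespace": "kube-system"},
     "roleRef": {"kind": "Role", "name": "weave-net"},
     "subjects": [{"kind": "ServiceAccount", "name": "weave-net", "namespace": "kube-system"}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "shared-view"},
     "roleRef": {"kind": "ClusterRole", "name": "view"},
     "subjects": [{"kind": "User", "name": "alice"},  # the SA is the second subject
                  {"kind": "ServiceAccount", "name": "weave-net", "namespace": "kube-system"}]},
    {"kind": "RoleBinding", "metadata": {"name": "dev-edit", "namespace": "dev"},
     "roleRef": {"kind": "ClusterRole", "name": "edit"},
     "subjects": [{"kind": "ServiceAccount", "name": "weave-net", "namespace": "dev"}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "all-kube-system-sas"},
     "roleRef": {"kind": "ClusterRole", "name": "node-reader"},
     "subjects": [{"kind": "Group", "name": "system:serviceaccounts:kube-system"}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "empty"},
     "roleRef": {"kind": "ClusterRole", "name": "admin"}},  # no subjects key at all
]}

def bindings_for(doc, name, namespace):
    """Rows of (binding kind, scope, binding name, role kind, role name, matched via)."""
    # Groups that every ServiceAccount in `namespace` belongs to.
    groups = {"system:serviceaccounts", "system:serviceaccounts:" + namespace,
              "system:authenticated"}
    rows = []
    for item in doc.get("items", []):
        # A RoleBinding grants only inside its own namespace, even for a ClusterRole.
        scope = item["metadata"].get("namespace", "<cluster-wide>")
        for subj in item.get("subjects") or []:
            if (subj.get("kind") == "ServiceAccount" and subj.get("name") == name
                    and subj.get("namespace") == namespace):
                via = "direct"
            elif subj.get("kind") == "Group" and subj.get("name") in groups:
                via = subj["name"]
            else:
                continue
            rows.append((item["kind"], scope, item["metadata"]["name"],
                         item["roleRef"]["kind"], item["roleRef"]["name"], via))
    return rows

if __name__ == "__main__":
    doc = json.load(sys.stdin) if len(sys.argv) == 3 else SAMPLE
    sa, ns = sys.argv[1:3] if len(sys.argv) == 3 else ("weave-net", "kube-system")
    for row in bindings_for(doc, sa, ns):
        print("\t".join(row))
```

To run it against a cluster, pipe `kubectl get rolebinding,clusterrolebinding --all-namespaces -o json` into the script and pass the ServiceAccount name and namespace as its two arguments.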