Hi, I would like to ask if there is any way to access a newly created namespace using a ServiceAccount. If the newly created namespace (by SA) is correctly labeled and annotated it will be assigned to the existing project of the "parent" NS. But the SA doesn't "inherit" any permission to access the new NS or to create Pods within it. I found

clusterrole/<project-id>-namespaces-edit

and tried to bind it using clusterrolebindig to the SA in the "parent" NS, but still the SA have no access to the new NS. As far as I know, there is one way that is to create RoleBinding in the new NS that references the SA of the "parent" NS. But that requires the SA to have a CRB in order to create Role and RB in the new NS, since it doesn't have any permissions for the new NS yet. But I would like to avoid the SA to have any CRB. Is there any solution? Thank you