apiVersion: v1
kind: ServiceAccount
metadata:
  name: nginx
  namespace: default
  annotations:
    eks.amazonaws.com/role-arn: arn:aws:iam::111122223333:role/s3-reader
    eks.amazonaws.com/audience: beta-sts.amazonaws.com
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: nginx
  name: nginx
  namespace: default
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  strategy: {}
  template:
    metadata:
      labels:
        app: nginx
    spec:
      serviceAccountName: nginx
      containers:
      - image: nginx:alpine
        name: nginx
        ports:
        - containerPort: 80
        resources: {}