Service Accounts is managed by Kubernetes API.
Service Accounts applies to Pods running inside the cluster. 
Service Accounts are used to provide an identity for Pods.
Pods that want to interact with the API server will authenticate with a particular Service Account.
Service Account can be reffered by many Pods but a pod can only be associated with one Service Account in its Namespace.
By default, pods will authenticate as the "default" Service Account in the Namespace they are running in.
If Service Account is not specified in a Pod, the Pod will run as the "default" Service Account in its Namespace.
In every Namespaces (default & custom) there will be a "default" Service Account created automatically.
For every Service Account (default & custom) there will be a token only one, the token will be stored in a Secrets.
In Service Account (default & custom) can add multiple tokens using a Secrets, the Secrets will generate a token.
The Service Account (default) token will be stored in a Secrets, the Secrets will be used in Volumes automatically mounted to the Pod Container without adding Service Account name.
The Service Account (custom) token will be stored in a Secrets, the Secrets will be used in Volumes automatically mounted to the Pod Container with adding a particular Service Account name.  

There is two types of Accounts
● User Account:- It is used to allow us, humans, to access the given Kubernetes cluster. 
                 Any user needs to get authenticated by the API server to do so. 
                 A user account can be an admin or a developer who is trying to access the cluster level resources.
                 User Account are created through the OS platforms like Windows, Linux, Mac.
● Service Account:- It is used to authenticate machine level processes to get access to our Kubernetes cluster. 
                    The API server is responsible for such authentication to the processes running in the pod.
                    Service Account are created through the Kubernetes.
