diff --git a/charts/deckhand/templates/deployment.yaml b/charts/deckhand/templates/deployment.yaml
index b4e92be1..ae3a84fd 100644
--- a/charts/deckhand/templates/deployment.yaml
+++ b/charts/deckhand/templates/deployment.yaml
@@ -17,6 +17,8 @@
 {{- $dependencies := .Values.dependencies.deckhand }}
 {{- $mounts_deckhand := .Values.pod.mounts.deckhand.deckhand }}
 {{- $mounts_deckhand_init := .Values.pod.mounts.deckhand.init_container }}
+{{- $serviceAccountName := "deckhand" }}
+{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: apps/v1beta1
 kind: Deployment
@@ -33,6 +35,7 @@ spec:
 configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
 configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
 spec:
+ serviceAccountName: {{ $serviceAccountName }}
 nodeSelector:
 {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
 terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.deckhand.timeout | default "30" }}
diff --git a/charts/deckhand/templates/job-db-init.yaml b/charts/deckhand/templates/job-db-init.yaml
index d9259057..46c722dc 100644
--- a/charts/deckhand/templates/job-db-init.yaml
+++ b/charts/deckhand/templates/job-db-init.yaml
@@ -19,6 +19,8 @@ limitations under the License.
 {{- $dependencies := .Values.dependencies.db_init }}
 {{- $mounts_deckhand_db_init := .Values.pod.mounts.deckhand_db_init.deckhand_db_init }}
 {{- $mounts_deckhand_db_init_init := .Values.pod.mounts.deckhand_db_init.init_container }}
+{{- $serviceAccountName := "deckhand-db-init" }}
+{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: batch/v1
 kind: Job
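Review bot: Nothing at the two added lines in the first hunk of charts/deckhand/templates/deployment.yaml says what the rendered ServiceAccount is allowed to do; the RBAC objects come entirely from the `helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount` include, whose body is not part of this diff. A one-line template comment above the include would help the next reader, e.g. `{{/* ServiceAccount and RBAC for this pod; permissions are derived from $dependencies by helm-toolkit */}}`, which is presumably what the `$dependencies` argument is for and should be confirmed against the snippet. The name is also a fixed literal rather than release-scoped, so, assuming the snippet uses it as the object name, a second release in the same namespace would render the same ServiceAccount. The same applies to the first hunks of job-db-init.yaml, job-db-sync.yaml, job-ks-endpoints.yaml, job-ks-service.yaml and job-ks-user.yaml.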
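Review bot: The `serviceAccountName` added to the Deployment's pod spec in the second hunk of deployment.yaml applies to every container in the pod, so the long-running deckhand container gets the same API token as any init container. If only the dependency check needs cluster access (likely, but not shown here), the role rendered by the helm-toolkit snippet should stay namespaced and read-only, and that is worth stating next to the field, e.g. `# token is shared with the API container; keep the bound role read-only`. The pod spec continues past the end of the hunk, so the container list itself is not visible.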
@@ -30,6 +32,7 @@ spec:
 labels:
 {{ tuple $envAll "deckhand" "db-init" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
 spec:
+ serviceAccountName: {{ $serviceAccountName }}
 restartPolicy: OnFailure
 nodeSelector:
 {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
diff --git a/charts/deckhand/templates/job-db-sync.yaml b/charts/deckhand/templates/job-db-sync.yaml
index e2cd894d..bf193016 100644
--- a/charts/deckhand/templates/job-db-sync.yaml
+++ b/charts/deckhand/templates/job-db-sync.yaml
@@ -19,6 +19,8 @@ limitations under the License.
 {{- $dependencies := .Values.dependencies.db_sync }}
 {{- $mounts_deckhand_db_sync := .Values.pod.mounts.deckhand_db_sync.deckhand_db_sync }}
 {{- $mounts_deckhand_db_sync_init := .Values.pod.mounts.deckhand_db_sync.init_container }}
+{{- $serviceAccountName := "deckhand-db-sync" }}
+{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: batch/v1
 kind: Job
@@ -30,6 +32,7 @@ spec:
 labels:
 {{ tuple $envAll "deckhand" "db-sync" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
 spec:
+ serviceAccountName: {{ $serviceAccountName }}
 restartPolicy: OnFailure
 nodeSelector:
 {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
diff --git a/charts/deckhand/templates/job-ks-endpoints.yaml b/charts/deckhand/templates/job-ks-endpoints.yaml
index 1dd5ceac..f088579e 100644
--- a/charts/deckhand/templates/job-ks-endpoints.yaml
+++ b/charts/deckhand/templates/job-ks-endpoints.yaml
@@ -13,7 +13,9 @@
 {{- if .Values.manifests.job_ks_endpoints }}
 {{- $envAll := . }}
 {{- $dependencies := .Values.dependencies.ks_endpoints }}
-
+{{- $serviceAccountName := "deckhand-ks-endpoints" }}
+{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
+---
 apiVersion: batch/v1
 kind: Job
 metadata:
@@ -24,11 +26,12 @@ spec:
 labels:
 {{ tuple $envAll "deckhand" "ks-endpoints" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
 spec:
+ serviceAccountName: {{ $serviceAccountName }}
 restartPolicy: OnFailure
 nodeSelector:
 {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
 initContainers:
-{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
 containers:
 {{- range $key1, $osServiceType := tuple "deckhand" }}
 {{- range $key2, $osServiceEndPoint := tuple "admin" "internal" "public" }}
@@ -63,4 +66,3 @@ spec:
 name: deckhand-bin
 defaultMode: 0555
 {{- end -}}
-
diff --git a/charts/deckhand/templates/job-ks-service.yaml b/charts/deckhand/templates/job-ks-service.yaml
index 778069f7..6fc83925 100644
--- a/charts/deckhand/templates/job-ks-service.yaml
+++ b/charts/deckhand/templates/job-ks-service.yaml
@@ -15,7 +15,9 @@
 {{- $envAll := . }}
 {{- $ksAdminSecret := .Values.secrets.identity.admin }}
 {{- $dependencies := .Values.dependencies.ks_service }}
-
+{{- $serviceAccountName := "deckhand-ks-service" }}
+{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
+---
 apiVersion: batch/v1
 kind: Job
 metadata:
@@ -26,11 +28,12 @@ spec:
 labels:
 {{ tuple $envAll "deckhand" "ks-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
 spec:
+ serviceAccountName: {{ $serviceAccountName }}
 restartPolicy: OnFailure
 nodeSelector:
 {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
 initContainers:
-{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
 containers:
 {{- range $key1, $osServiceType := tuple "deckhand" }}
 - name: {{ $osServiceType }}-ks-service-registration
diff --git a/charts/deckhand/templates/job-ks-user.yaml b/charts/deckhand/templates/job-ks-user.yaml
index 3b5ffec3..7e822b8e 100644
--- a/charts/deckhand/templates/job-ks-user.yaml
+++ b/charts/deckhand/templates/job-ks-user.yaml
@@ -16,6 +16,9 @@
 {{- $ksUserSecret := .Values.secrets.identity.user }}
 {{- $envAll := . }}
 {{- $dependencies := .Values.dependencies.ks_user }}
+{{- $serviceAccountName := "deckhand-ks-user" }}
+{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
+---
 apiVersion: batch/v1
 kind: Job
 metadata:
@@ -23,11 +26,12 @@ metadata:
 spec:
 template:
 spec:
+ serviceAccountName: {{ $serviceAccountName }}
 restartPolicy: OnFailure
 nodeSelector:
 {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
 initContainers:
-{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
 containers:
 - name: deckhand-ks-user
 image: {{ .Values.images.tags.ks_user }}