The core feature (Epic MTV-3681) promotes a critical security and privilege setting—the ServiceAccount used by the hook execution Pod—from a CLI-only YAML field to a user-selectable option in the web console UI. This significantly improves usability and security, as administrators no longer need to manually edit complex YAML files to ensure their custom automation runs with the correct permissions.

Technical Writer Scope

The primary objective is to document the new, simplified UI workflow for setting hook ServiceAccounts. Key areas include:

1. UI Procedural Update: Update the procedural documentation for Creating/Editing a Migration Hook to include screenshots and steps detailing the new ServiceAccount selection dropdown field in the web console wizard.

1. Security Context: Reiterate the importance of selecting the correct ServiceAccount, linking back to the documentation that explains the required RBAC permissions for hooks to function securely.

1. YAML Comparison (Optional but Recommended): While the UI is the focus, include a brief note explaining that the CLI/YAML method of specifying the ServiceAccount is still supported but that the UI method is preferred for ease of use.

JTBD Statement:

"When I set up a migration hook for custom automation, I want to select the ServiceAccount directly in the web console UI instead of editing YAML so that I can easily and securely define the hook's cluster privileges and guarantee that my automation runs with the exact, least-privileged permissions required."

Goal

Today customers need to specify the serviceAccount for the hook inside the YAML.

After this epic, the customers should be able to select the serviceAccount from the UI.