K8s sidecar: without injection and without ClusterRoleBinding how?

Hi.

Please help me find documentation how to use vault-sidecar / vault-agent in k8s namespace.
Scenario, where user doesn’t have rights to deploy: ClusterRoleBinding.

Is there way to run pod in namespace with vault-sidecar / vault-agent container?

All examples suggest to deploy cluster-wide ServiceAccount that will communicate to Vault and instruct sidecar. But, I do not have rights to deploy ClusterRoleBinding.

Thank you!

same issue I am also facing.
is it possible to deploy vault for production without having privileges of clusterRole in K8s.