While there are many articles explaining accounts needed to install and maintain SharePoint, this is my two cents.
I think below accounts are must no matter what kind of model you are looking to install. Technically you can always use a single account with admin rights everywhere but it will end up with some issues later on. For instance, what if that account gets locked up for some reason then your entire farm will go down.
- Setup User Account: Account with which you will install SharePoint. Meaning you login to your server with this account and run the set up. It must be a securityadmin and dbcreator on the SQL Server, and it must be a member of the local Administrators group. I call it SPadmin.
- Farm Account : You will use this account during the installation where it asks you for the credential to create content database. It is also the identity used by the Central Administration site’s application pool, and the identity used by the Timer service. It should be dbcreater, dbowner and security admin. I call this SPfarm
- Application pool account. Depending on how you want to maintain webapplications and service applications you can create these accounts. Usually they are least privileged accounts.