如何使用 Kubernetes 版本 1.24 为服务帐户创建密钥

Question

I am using Kubernetes version 1.24, I have created a secret for my service account manually, but when I run kubectl get serviceaccounts , it is showing that I do not have any secrets for that service account?

Answer 1

When creating a secret manually, it needs to be manually added to the ServiceAccount . You can use kubectl edit for this.

Answer 2

If you are creating the secret manually you have to manually add the secret to the service account .

You can edit the existing service account using the command kubectl edit sa <name of sa> or else create the YAML and reapply the changes to configure those.

However, if you are creating the ServiceAccount it will auto-generate the secret token.

bash-4.2$ kubectl get sa
NAME      SECRETS   AGE
default   1         11d
bash-4.2$ kubectl create sa test  
serviceaccount/test created
bash-4.2$ kubectl get secret
NAME                  TYPE                                  DATA   AGE
default-token-dvgd8   kubernetes.io/service-account-token   3      11d
test-token-k6dpd      kubernetes.io/service-account-token   3      7s
bash-4.2$ kubectl get sa
NAME      SECRETS   AGE
default   1         11d
test      1         59s
bash-4.2$ 

Update

If you are on K8s version 1.24

The serviceaccount won't create the secret automatically.

You have to create it manually.

Example :

apiVersion: v1
kind: Secret
type: kubernetes.io/service-account-token
metadata:
  name: token-secret
  annotations:
    kubernetes.io/service-account.name: "<SA name>"

If you just want to create the token you can use the: kubectl create token <Name>

Read more about it: https://itnext.io/big-change-in-k8s-1-24-about-serviceaccounts-and-their-secrets-4b909a4af4e0