How to create a secret for service account using Kubernetes version 1.24
Question
I am using Kubernetes version 1.24, I have created a secret for my service account manually, but when I run kubectl get serviceaccounts , it is showing that I do not have any secrets for that service account?
2 answers
solution1
0 2022-07-29 10:07:08
When creating a secret manually, it needs to be manually added to the ServiceAccount . You can use kubectl edit for this.
solution2
0 ACCPTED 2022-07-29 10:58:30
If you are creating the secret manually you have to manually add the secret to the service account .
You can edit the existing service account using the command kubectl edit sa <name of sa> or else create the YAML and reapply the changes to configure those.
However, if you are creating the ServiceAccount it will auto-generate the secret token.
bash-4.2$ kubectl get sa
NAME SECRETS AGE
default 1 11d
bash-4.2$ kubectl create sa test
serviceaccount/test created
bash-4.2$ kubectl get secret
NAME TYPE DATA AGE
default-token-dvgd8 kubernetes.io/service-account-token 3 11d
test-token-k6dpd kubernetes.io/service-account-token 3 7s
bash-4.2$ kubectl get sa
NAME SECRETS AGE
default 1 11d
test 1 59s
bash-4.2$
Update
If you are on K8s version 1.24
The serviceaccount won't create the secret automatically.
You have to create it manually.
Example :
apiVersion: v1
kind: Secret
type: kubernetes.io/service-account-token
metadata:
name: token-secret
annotations:
kubernetes.io/service-account.name: "<SA name>"
If you just want to create the token you can use the: kubectl create token <Name>
Read more about it: https://itnext.io/big-change-in-k8s-1-24-about-serviceaccounts-and-their-secrets-4b909a4af4e0
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.