Secret for a Kubernetes service accounts is not getting created
I have a kubernetes cluster version 1.26 Here i'm creating a serviceaccount following the instructions in the yaml given below
apiVersion: v1
kind: ServiceAccount
metadata:
creationTimestamp: null
name: devops-serviceaccount
namespace: default
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
creationTimestamp: null
name: role-for-serviceaccount
namespace: default
rules:
- apiGroups: ["*","apps","extensions"]
resources: ["*"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
creationTimestamp: null
name: rolebinding-for-serviceaccount
namespace: default
subjects:
- kind: ServiceAccount
name: devops-serviceaccount
namespace: default
roleRef:
kind: Role
name: role-for-serviceaccount
apiGroup: rbac.authorization.k8s.io
apiVersion: v1
kind: Secret
type: kubernetes.io/service-account-token
metadata:
name: devops-sa-secret
annotations:
kubernetes.io/service-account.name: "devops-serviceaccount"
after deploying the yaml i run the following command
kubectl get serviceAccounts devops-serviceaccount
I expect a Service Account with the secrets attached to it but the secret count is 0
Solution
After version K8s 1.24 it does not default to create the secret with a Service account. If you are following any article make sure it's not for an older versions of k8s.
As you are on 1.26 which is the latest and it does not support secret creation by default with SA creation and it wont show.
You can read more about my article : https://medium.com/faun/k8s-v1-24-is-unable-to-create-a-serviceaccount-secret-798f8454e6e7
Update
apiVersion: v1
kind: ServiceAccount
metadata:
name: test-sa
secrets:
- name: token-secret
---
apiVersion: v1
kind: Secret
type: kubernetes.io/service-account-token
metadata:
name: token-secret
annotations:
kubernetes.io/service-account.name: "test-sa"
what i found, field counts the secrets mentioned in the field with a service account.
Code ref of SA struct
- Springboot Swagger Ui Throwing Whitelabel Error Page when Accessed using K8S IP and Nodeport
- Minikube with ingress example not working
- Kubectl logs returning tls handshake timeout
- how to get only one node name from kubectl get nodes
- Ingress helm chart error after upgrade from v1beta1 to v1
- PowerShell and escape characters
- kubectl unable to connect to server: x509: certificate signed by unknown authority
- Helm chart: Why environment variable defined in values.yml of helm chart not added to generated manifest?
- Why WordPress Helm Chart not able to connect azure MariaDB having SSL enabled?
- Not able to execute GitLab Runner in Kubernetes cluster: cannot create resource "secrets" in API group "" in the namespace "gitlab"
- Kibana error: Unable to retrieve version information from Elasticsearch nodes. socket hang up
- Why does a Nodeport need a "port" in Kubernetes?
- K8S secret usage in SQLCMD password is always empty
- Ansible throwing a "Failed to update apt cache: W:Updating from such a repository can't be done securely" Error
- Error when trying to create a deployment using YAML: Deployment in version "v1" cannot be handled as a Deployment
- ETCD export as json and decode from base64 all key/values to human readable
- Kubernetes Ingress to External Service?
- Is Kube2iam unnecessary with, and/or a part of, EKS?
- Gracefully shutdown Spring application running in Kubernetes
- How to convert deployment, configmap and service yaml files to helm package
- "exec format error" running arm64 docker image using dotnet
- How to reference kubernetes secrets in helm chart?
- Kubernetes Container Get Node's External IP
- How do I mount my ssh key for a BitBucket Repo to my container to use ssh git links on Argo Workflows?
- Does kubelet logs application logs in journalctl?
- Kubernetes: How do I find which jobs a cronjob has generated
- Superset on Kubernetes with Helm not using custom values file
- Unable to connect to the server: getting credentials: exec: executable kubelogin not found
- Using Superset helm chart with pre-existing postgres database
- External-secrets not able to access the AWS STS from a private cluster