I have created a K8 service account token using the following command:

```
kubectl create serviceaccount test-sat-account
```
I have a deployment YAML for a dotnet service, and I am importing the above token in a volume as below:
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-deployment
spec:
  replicas: 1
  selector:
    matchLabels:
      app: my-app
  template:
    metadata:
      labels:
        app: my-app
    spec:
      serviceAccountName: test-sat-account
      containers:
        - name: my-container
          image: ""
          imagePullPolicy: Always
          volumeMounts:
            - name: my-token
              mountPath: /var/run/secrets/tokens
          env:
            - name: SATToken
              value: ****<Can we Pass the SAT token here?>****
          ports:
            - name: http
              containerPort: 80
              protocol: TCP
      volumes:
        - name: my-token
          projected:
            sources:
              - serviceAccountToken:
                  path: my-token
                  audience: test-audience
```
Now, instead of reading the token from the mountpath in the code, I want to pass the value of the token to an environment variable in the above yaml. Is it possible to do that? If yes, how?
Arrange for the token to be stored in a Secret resource:
```yaml
apiVersion: v1
kind: Secret
metadata:
  name: test-sat-account-token
  annotations:
    kubernetes.io/service-account.name: test-sat-account
type: kubernetes.io/service-account-token
```
Now, use that Secret as the source for an environment value:
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-deployment
spec:
  replicas: 1
  selector:
    matchLabels:
      app: my-app
  template:
    metadata:
      labels:
        app: my-app
    spec:
      serviceAccountName: test-sat-account
      containers:
        - name: my-container
          image: ""
          imagePullPolicy: Always
          env:
            - name: SATToken
              valueFrom:
                secretKeyRef:
                  name: test-sat-account-token
                  key: token
          ports:
            - name: http
              containerPort: 80
              protocol: TCP
```
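
The two manifests give the container different kinds of token: the Secret-based token is long-lived with no expiry or audience claim, while the projected token from the question is time-limited, carries `test-audience`, and is rotated in the mounted file (an environment variable stays fixed once the container has started). The following is an added example, not code from the question or the answer, that decodes a token's claims to show which kind `SATToken` holds; the sample tokens, the `default` namespace, the pod name and the helper names are constructed assumptions.

```python
import base64
import json
import os
import time

def jwt_claims(token):
    """Decode a JWT payload for inspection only (no signature verification)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def describe_token(token, now):
    """Report the properties that differ between the two token sources."""
    claims = jwt_claims(token)
    exp = claims.get("exp")
    return {
        "audience": claims.get("aud"),
        "expires": exp is not None,
        "seconds_left": None if exp is None else int(exp - now),
        "bound_to_pod": "pod" in claims.get("kubernetes.io", {}),
    }

def _sample(claims):
    """Build a constructed, unsigned sample token (placeholder signature)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256'})}.{enc(claims)}.c2ln"

# Constructed claim sets modelled on the two token types; all values are placeholders.
SECRET_TOKEN = _sample({
    "iss": "kubernetes/serviceaccount",
    "kubernetes.io/serviceaccount/secret.name": "test-sat-account-token",
    "sub": "system:serviceaccount:default:test-sat-account",
})
PROJECTED_TOKEN = _sample({
    "aud": ["test-audience"], "exp": 1700003600, "iat": 1700000000,
    "kubernetes.io": {"namespace": "default", "pod": {"name": "my-deployment-abc"}},
    "sub": "system:serviceaccount:default:test-sat-account",
})

if __name__ == "__main__":
    live = os.environ.get("SATToken")  # set by the Deployment when run in the pod
    print(describe_token(live, time.time()) if live else
          [describe_token(t, 1700000000) for t in (SECRET_TOKEN, PROJECTED_TOKEN)])
```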