Docker-Desktop for MAC Kubernetes not creating secrets or token for serviceaccounts

Time:05-18

I'm just trying to create a simple service account. Theoretically, kubectl automatically creates the secret and token for service accounts... But, not in my case... I've done this in kube-system, default, and new/other namespaces.

me@mymachine ~ % kubectl create serviceaccount my-acct
serviceaccount/my-acct created
me@mymachine ~ % kubectl describe serviceaccount my-acct
Name:                my-acct
Namespace:           default
Labels:              <none>
Annotations:         <none>
Image pull secrets:  <none>
Mountable secrets:   <none>
Tokens:              <none>
Events:              <none>

I have reset the Kubernetes system. Uninstalled, removed ./kube/ and removed the Library... Still no secret created. All of my developers' machines (MAC as well, both Intel and M1) automatically create the account secret. Any ideas?

CodePudding user response:

Docker-Desktop 4.7.1 includes the appropriate Kubernetes configuration for the controller manager and api service to automatically create secrets and tokens when creating a service account.

Docker-Desktop 4.8.x does not have this configuration. A fresh install or resetting the Kubernetes cluster will prevent the secret and token from automatically being created upon service account creation.

CodePudding user response:

Disclaimer: This answer will not "fix" the automatic creation of secrets for service accounts, but shows how you can associate a secret to a service account.

For the newer Docker Desktop 4.8.1 (for Mac), you can create the secret manually:

kubectl apply -f - <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: default-secret
  annotations:
    kubernetes.io/service-account.name: default
type: kubernetes.io/service-account-token
EOF

And then you can associate the secret to the service account by editing the service account configuration. Run:

kubectl edit serviceaccounts default

There you can add the secret, at the end, like:

apiVersion: v1
kind: ServiceAccount
metadata:
  creationTimestamp: "XXXX-XX-XXTXX:XX:XXZ"
  name: default
  namespace: default
  resourceVersion: "XXXX"
  uid: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
secrets:
- name: default-secret

After that, you'll be able to use the token for the required purposes.
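
The manual procedure from the answer above, scripted for any service account, as an added example that is not part of the original posts. The function names and the `<sa>-token` Secret name are assumptions, and `kubectl patch` stands in for the interactive `kubectl edit` step.

```shell
#!/usr/bin/env bash
# Added example; function names and the "<sa>-token" default are assumptions.

# Accept only lowercase DNS-label names so nothing unexpected reaches the YAML.
valid_name() (
  LC_ALL=C
  [ "${#1}" -le 63 ] || exit 1
  case "$1" in
    ''|*[!a-z0-9-]*|-*|*-) exit 1 ;;
  esac
)

# Print the Secret manifest that asks the control plane to fill in a token.
render_token_secret() {
  sa="$1"; ns="${2:-default}"; secret="${3:-$sa-token}"
  valid_name "$sa" && valid_name "$ns" && valid_name "$secret" || return 1
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $secret
  namespace: $ns
  annotations:
    kubernetes.io/service-account.name: $sa
type: kubernetes.io/service-account-token
EOF
}

# Apply the Secret, list it on the ServiceAccount (non-interactive equivalent
# of the `kubectl edit` step), then wait until the token has been populated.
# The token itself is never echoed, so it stays out of terminal scrollback.
bind_token_secret() {
  sa="$1"; ns="${2:-default}"; secret="${3:-$sa-token}"
  render_token_secret "$sa" "$ns" "$secret" >/dev/null || return 1
  render_token_secret "$sa" "$ns" "$secret" | kubectl apply -f - || return 1
  kubectl -n "$ns" patch serviceaccount "$sa" \
    -p "{\"secrets\":[{\"name\":\"$secret\"}]}" || return 1
  for i in 1 2 3 4 5; do
    tok=$(kubectl -n "$ns" get secret "$secret" -o jsonpath='{.data.token}')
    [ -n "$tok" ] && { echo "token populated in secret/$secret"; return 0; }
    sleep 1
  done
  echo "no token yet in secret/$secret" >&2; return 1
}
```

Run `bind_token_secret my-acct default` against the cluster, then check `kubectl describe serviceaccount my-acct` for the Secret name under "Tokens". A token held in such a Secret does not expire until the Secret is deleted, so delete the Secret once the token is no longer needed.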
