Hi, I use GitLab. I want to containerize apps that I make and automate deployment, so I'm trying to play with Kubernetes on GKE.
I was following GitLab's documentation regarding linking a cluster.
I tried to create a secret through the K8s Dashboard (Create, paste YAML):
```yaml
apiVersion: v1
kind: Secret
metadata:
  name: gitlab
  annotations:
    kubernetes.io/service-account.name: gitlab
type: kubernetes.io/service-account-token
```
I press Upload and it just swallows it: no errors, no new secrets.
Then I tried to add it through kubectl:
`kubectl create -f /tmp/gitlab.yaml`: it prints `secret "gitlab" created`, but it didn't.
What am I doing wrong?
```yaml
kind: Secret
type: kubernetes.io/service-account-token
```
I see what's going on here: you're trying to manually create a ServiceAccount token, when those are designed to be managed by Kubernetes, not you, because the token contains a correctly formatted and cryptographically signed JWT.
Independent of that, it's silly to create a service-account-token Secret that contains no secret data (s.a.t. always contain 3 bits of data: `ca.crt`, `namespace`, and `token`). Then, even if you did populate that Secret with an actual JWT -- which would be very weird -- you'll also want to include the annotation `kubernetes.io/service-account.uid:` containing the UUID of the `gitlab` `ServiceAccount` (which you can find by `kubectl get -o json sa gitlab | jq -r .metadata.uid`).
Reasonable people can differ about whether this is a bug, or a crazy edge case that doesn't hurt anything. I think of this as the equivalent of `INSERT INTO users;` reporting `OK`; sure, it didn't insert anything, but the command was nonsense anyway, so it's hard to get really worked up about things.
My bad, I specified `kubernetes.io/service-account.name` to be `gitlab` even though there is no such service account. I replaced it with `default` and everything worked.
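
A pre-flight check for the failure in this thread, as an added example that is not part of the original posts: a `kubernetes.io/service-account-token` Secret whose annotation names a ServiceAccount that does not exist is cleaned up by the token controller, so `kubectl create` reports success and the Secret then disappears. The function names are hypothetical, and the script assumes `kubectl` is on the PATH with access to the cluster and that the Secret targets the `default` namespace unless one is passed.

```shell
#!/bin/sh
# Added example: verify the ServiceAccount a token Secret refers to
# before creating the Secret, and verify the token afterwards.
# Usage (after sourcing this file):
#   check_sa_secret /tmp/gitlab.yaml default && kubectl create -f /tmp/gitlab.yaml
#   secret_is_populated gitlab default

# Print the ServiceAccount name from the manifest's
# kubernetes.io/service-account.name annotation (empty if absent).
sa_from_manifest() {
    sed -n 's|^[[:space:]]*kubernetes\.io/service-account\.name:[[:space:]]*||p' "$1" |
        tr -d "\"'" | head -n 1
}

# Exit status: 0 = ServiceAccount exists, 1 = it is missing,
# 2 = the manifest carries no service-account.name annotation.
check_sa_secret() {
    manifest=$1
    ns=${2:-default}
    sa=$(sa_from_manifest "$manifest")
    if [ -z "$sa" ]; then
        echo "no kubernetes.io/service-account.name annotation in $manifest" >&2
        return 2
    fi
    if kubectl get serviceaccount "$sa" -n "$ns" >/dev/null 2>&1; then
        echo "ok: ServiceAccount $ns/$sa exists"
        return 0
    fi
    echo "missing: ServiceAccount $ns/$sa (create it first:" \
         "kubectl create serviceaccount $sa -n $ns)" >&2
    return 1
}

# Exit status 0 only if the Secret exists and the controller has
# filled in a non-empty .data.token field.
secret_is_populated() {
    name=$1
    ns=${2:-default}
    token=$(kubectl get secret "$name" -n "$ns" \
        -o jsonpath='{.data.token}' 2>/dev/null) || return 1
    [ -n "$token" ]
}
```

Run `check_sa_secret` before `kubectl create -f`, and `secret_is_populated` a few seconds after it, since the token is filled in asynchronously.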