Not able to access the Kubernetes API after deleting the default-token

12/20/2018

I am facing an issue when I delete the default-token secret of the service account.

Kubernetes automatically mounts the default-token into the pod spec so that you can access its API.

volumes:
- name: default-token-hh98h
  secret:
    defaultMode: 420
    secretName: default-token-xxx

Now when I delete the secret default-token-xxx, Kubernetes automatically creates a new default-token-yyy, but that token is not reflected in the pod spec. If I restart the pods, then the new token takes effect.

Is there any way to refresh the default-token secret without deleting the pod?

-- Prafull Ladha
kubernetes

1 Answer

12/20/2018

It is not possible to update the secretName field of pod.spec.volume because it is forbidden. Even if you try to change it, you will get an error:

* spec: Forbidden: pod updates may not change fields other than `spec.containers[*].image`, `spec.initContainers[*].image`, `spec.activeDeadlineSeconds` or `spec.tolerations` (only additions to existing tolerations)

And you are trying to update spec.volumes, which is forbidden.

-- coolinuxoid
Source: StackOverflow
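
Because the volume reference cannot be changed in place, a useful check after a token secret has been deleted is to list which pods still reference the missing secret and therefore need to be recreated. The following is an added example, not part of the original question or answer; it assumes input in the shape of `kubectl get pods -o json` and `kubectl get secrets -o json`, and the pod, volume and secret names in the sample data are constructed.

```python
import json

# Constructed sample data shaped like `kubectl get pods -o json` and
# `kubectl get secrets -o json`; all names are made up for illustration.
PODS_JSON = """
{"items": [
  {"metadata": {"namespace": "default", "name": "web-1"},
   "spec": {"volumes": [
     {"name": "cache", "emptyDir": {}},
     {"name": "default-token-hh98h",
      "secret": {"defaultMode": 420, "secretName": "default-token-xxx"}}]}},
  {"metadata": {"namespace": "default", "name": "web-2"},
   "spec": {"volumes": [
     {"name": "default-token-k2m4q",
      "secret": {"defaultMode": 420, "secretName": "default-token-yyy"}}]}}
]}
"""
SECRETS_JSON = """
{"items": [
  {"metadata": {"namespace": "default", "name": "default-token-yyy"},
   "type": "kubernetes.io/service-account-token"}
]}
"""


def stale_secret_volumes(pods, secrets):
    """Return (namespace, pod, volume, secretName) for each secret volume
    whose secret no longer exists in the pod's namespace."""
    existing = {(s["metadata"]["namespace"], s["metadata"]["name"])
                for s in secrets.get("items", [])}
    stale = []
    for pod in pods.get("items", []):
        ns = pod["metadata"].get("namespace", "default")
        for vol in pod.get("spec", {}).get("volumes", []):
            secret = vol.get("secret")
            if not secret:
                continue  # emptyDir, configMap, projected, ... are not checked
            if (ns, secret.get("secretName")) not in existing:
                stale.append((ns, pod["metadata"]["name"],
                              vol["name"], secret.get("secretName")))
    return stale


if __name__ == "__main__":
    hits = stale_secret_volumes(json.loads(PODS_JSON), json.loads(SECRETS_JSON))
    for ns, pod, vol, name in hits:
        print(f"{ns}/{pod}: volume {vol} -> missing secret {name}; recreate the pod")
```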