Openshift/Kubernetes: Use token from Service account in yaml file

2/8/2019

I currently have the following problem. I am creating a Template in which I specify a ServiceAccount adn a RoleBinding. Openshift Creates a Token on its own and stores it in a secret with the name [service-account-name]-[a-z,1-9{5}]. Now I want to pass that secret on to an env Variable (as it will be consumed by another config in that container that can process env variables)

Now you can easily use env variables like

env:
- name: something
  valueFrom:
    secretKeyRef:
      name: someKey
      key: someValue

But now I've got the problem, that there is a secret, but I don't know the exact name as part of it is random. Now my question is

Is there a way to use the contents of a secret of a serviceaccount in a template?

-- relief.melone
environment
kubernetes
openshift
templates
yaml

1 Answer

2/11/2019

You can check your secrets by running kubectl get secret and then view more by running kubectl describe secret mysecret You will need to decode it to view it (I do not have experience with OpenShift). You can also use them as Environment Variables as explained here.
As for ServiceAccount and the token you can use it inside a container as specified in the OpenShift documentation

A file containing an API token for a pod’s service account is automatically mounted at /var/run/secrets/kubernetes.io/serviceaccount/token.

I think you could add commands from the documentation to the Pod Template into command: section similar to this example. Also you can find more about using secrets here.

-- aurelius
Source: StackOverflow