When I create a new service account token in Kubernetes, it is not signed. I am using the command
kubectl create -f default-token-create.yaml
The yaml is the following
apiVersion: v1
kind: Secret
metadata:
name: default-token-abcd
namespace: staging
annotations:
kubernetes.io/service-account.name: default
kubernetes.io/service-account.namespace: staging
type: kubernetes.io/service-account-token
I also verified that the ca cert for kubernetes is associated with the api-server. This was previously working and now is not.
What am I missing?
I have tried creating a new service account and having kubernetes create the token as well as using the above script to manually create one. Neither works.
This is the create-token yaml:
apiVersion: v1
kind: Secret
metadata:
name: default-token-abcd
namespace: staging
annotations:
kubernetes.io/service-account.name: default
kubernetes.io/service-account.namespace: staging
type: kubernetes.io/service-account-token
Expected results: A token created that is a proper jwt with the jwt header as well as the correct signature.
To use the .yaml
file you provided a ServiceAccount with name default
should exist.
I suggest that you create a ServiceAccount via kubectl
or yaml
file, a token should be generated automatically. It will be placed in Secret
resource, which you can later fetch via kubectl
.