K
Q

k8s mount service account token

1/11/2022

How can I mount service account token, we are using a chart which doesn't support it and after a hour the chart is failing.

https://kubernetes.io/docs/reference/access-authn-authz/service-accounts-admin/#bound-service-account-token-volume ?

I understand that from 1.22.x its by default behavior of k8s

its BoundServiceAccountTokenVolume in the following link https://kubernetes.io/docs/reference/command-line-tools-reference/feature-gates/

Im referring to manually mounting the service account token.

Im talking about vectordev which doesnt support the https://vector.dev/docs/setup/installation/platforms/kubernetes/

update according to this post this is the way to do it on k8s 1.22.x please provide an example since im not sure how to make it work https://github.com/vectordotdev/vector/issues/8616#issuecomment-1010281331

-- JJD
amazon-web-services
k8s-serviceaccount
kubernetes
rbac

Similar Questions

Kubernetes env variables not working in sequelize-cli
Pods are not getting created and not running after a long time also
Setup react app build folder onto Google Kubernetes
Getting a crashloopbackoff error in Google Kubernetes Engine
WARN log metricbeat pods (on kubernetes) : DNS lookup failure "k8s-node4": lookup k8s-node4 on 10.96.0.10:53: no such host

1 Answer

1/17/2022

There's no issue for Vector agent to access the token, but the token will now expire within an hour by default; compare to previous where it has no expiry. When the token has past the validity time, the agent application needs to reload the token from the mounted token volume (previously was a secret volume). The change is needed in the agent application to support this paradigm, not on K8s.

-- gohm'c
Source: StackOverflow