Questions tagged [k8s-serviceaccount]

77 questions
4
votes
0 answers

How do I use a k8s serviceaccount's attached IAM role to make a request to S3 with the AWS SDK for Go v2

In a Go application run as a k8s Job, I am attempting to assume a serviceaccount <-> IAM Role when trying to GetObject from an S3 bucket. I attach a serviceAccountName field to the Job spec in the yaml file, and I attach the AWS IAM to the service…
kingledion
3
votes
1 answer

Can we associate K8s serviceAccount with multiple aws IAM role

Is it possible in EKS to associate serviceAccount with multiple AWS IAM roles? Am I allowed to provide multiple ARNs in service account annotations? E.g. apiVersion: v1 kind: ServiceAccount metadata: name: Testxxx annotations: …
3
votes
1 answer

How to use kubernetes service account with golang?

Actually, I use kubernetes service accounts mostly with NodeJS, and this works fine, but I have this one service made in Go and I can't seem to make it work with service accounts (I know that the service account is correctly configured because I…
3
votes
2 answers

Restrict access of a K8s secret to a particular service account

I have a secret which contains very sensitive information. I want to make sure that this secret can only be accessed by a certain service account and nobody else. Using RBAC, I can tell which user can access which resources. But is there some way…
3
votes
1 answer

k8s mount service account token

How can I mount service account token, we are using a chart which doesn't support it and after an hour the chart is failing. https://kubernetes.io/docs/reference/access-authn-authz/service-accounts-admin/#bound-service-account-token-volume ? I…
PJEM
3
votes
1 answer

Why openshift creates two secrets when I create a serviceaccount

I have created a serviceaccount with edit permission on openshift: oc create serviceaccount gitlab-ci oc policy add-role-to-user edit system:serviceaccount:test-project:gitlab-ci but when I check the secrets, I see two secrets regarding the…
Yashar
2
votes
0 answers

Changing Role permissions for an active (in-use) ServiceAccount in Kubernetes

Suppose a simple RBAC setup in Kubernetes (assuming default namespace for simplicity): ServiceAccount + Role + RoleBinding The role has allows to get and list verbs for pods and pods/log a Pod using the above ServiceAccount the pod is running curl…
2
votes
2 answers

Why new created ServiceAccount has 0 secrets

I have Kubernetes version 1.24.3, and I created a new service account named "deployer", but when I checked it, it shows it doesn't have any secrets. This is how I created the service account: kubectl apply -f - << EOF --- apiVersion: v1 kind:…
E235
2
votes
1 answer

Why K8s automounted service account token in a pod is different from the token retrieved directly from a service account?

Let's say I create a service account and retrieve the token associated to it: kubectl -n myexample describe sa myexample-sa kubectl describe secret myexample-sa-token-xxxxx Value of the token: token: …
Vahid
1
vote
1 answer

Can we annotate multiple GSA to Kubernetes Service Account (GCP)

I am fairly new to cloud and GCP. So, we have an application which uses pub sub, cloud storage, cloud sql and secret manager. This is deployed using helm chart. All services uses different service account. So to avoid keeping json keys for these…
1
vote
1 answer

Getting error while deploying istio version 1.16, pods are getting crashed

I am deploying to version 1.16 but the pods are getting crashed below are the pod's error. istiod pod: 2023-03-21T11:58:09.768255Z info kube controller "extensions.istio.io/v1alpha1/WasmPlugin" is syncing...…
1
vote
1 answer

Cannot access https://: when using kubernetes-dashboard(timeout)

Hi guys, I got some issues when I'm going to run my kubernetes-dashboard. The details of the issue are: I can't access my dashboard in the browser by using https://:(https://192.168.1.30:31382), even curl…
1
vote
1 answer

Deploy ServiceAccount, ClusterRole & ClusterRoleBinding failure

My NodeJS microservice is deployed to k8s cluster. I would like this microservice to access the k8s API server. For that, I guess I need to create a ServiceAccount for it. So I did this: apiVersion: v1 kind: ServiceAccount metadata: name:…
user842225
1
vote
0 answers

How can I programmatically connect to multiple K8S clusters created with the eksctl command in AWS EKS?

I want to push some jobs.yml script to multiple Kubernetes clusters programmatically, connection details will be provided by customers and we can store it in encrypted format in DB or maybe S3. I'm trying to achieve this with @kubernetes/client-node…
1
vote
0 answers

Confluent Schema Registry on Strimzi - pods not getting created

I've Strimzi Kafka installed on GKE (GCP), and I'm trying to install Confluent Schema registry referring link - https://github.com/lsst-sqre/strimzi-registry-operator Steps followed: Installed strimzi-registry-operator in namespace…