CODEWITHSUNDEEP
dockercontainerskubernetes
Fargo007
Fargo007

Reputation: 31

cannot generate a service account token in kubernetes v1

I am trying to generate a service account token on a kubernetes cluster for API authentication. The operation succeeds and the secret is created but there is no token generated. What could I be missing here?

{
    "kind": "Secret",
    "apiVersion": "v1",
    "metadata": {
        "name": "defaultsecret1",
        "annotations": {
            "kubernetes.io/service-account.name": "cfme"
        }
    },
    "type": "kubernetes.io/service-account-token"
}

[root@atomic001 ~]# kubectl create -f secret.json 
secret "defaultsecret1" created

[root@atomic001 ~]# kubectl get secret defaultsecret1
NAME             TYPE                                  **DATA**          AGE
defaultsecret1   kubernetes.io/service-account-token   **0**         13s

[root@atomic001 ~]# kubectl describe secret defaultsecret1
Name:       defaultsecret1
Namespace:  default
Labels:     <none>
Annotations:    kubernetes.io/service-account.name=core1

Type:   kubernetes.io/service-account-token

Data
====
                    <--- token should be here

[root@atomic001 ~]#

Been up and down and all around on this. Any help is appreciated.

Upvotes: 0

Views: 841

Answers (1)

Fargo007
Fargo007

Reputation: 31

I figured this out.

I had to generate a private key with openssl and then point to it in the controller-manager configuration file. Now the tokens are being created.

KUBE_CONTROLLER_MANAGER_ARGS="--service-account-private-key-file=/etc/kubernetes/serviceaccount.key"

Upvotes: 3

Related Questions