CODEWITHSUNDEEP
kubernetesminikube
Laird Nelson
Laird Nelson

Reputation: 16238

Why would /var/run/secrets/kubernetes.io/serviceaccount/token be an empty file in a Pod?

I'm using a vanilla minikube environment.

I'm not specifying any service account-related instructions in my bare-bones simple Pod .yaml file.

Inside a deployed Pod, /var/run/secrets/kubernetes.io/serviceaccount/token is empty. What are the possible causes for this?

Upvotes: 5

Views: 12564

Answers (2)

Edward Rousseau
Edward Rousseau

Reputation: 1

I was having this issue with minikube v1.13.1 on Ubuntu 18.04, using the 'none' driver to run Kubernetes v1.19.2 on Docker 19.03.6.

I was seeing that the serviceaccount token secret was correctly populated in Kubernetes, and that it was mounted as a volume for each pod, but that the directory (both in the pod and on the node itself) was empty.

I found the problem was caused by disabling the 'storage-provisioner' addon, and resolved by re-enabling it.

Upvotes: 0

Jose Armesto
Jose Armesto

Reputation: 13769

As mentioned in the docs

In version 1.6+, you can opt out of automounting API credentials for a service account by setting automountServiceAccountToken: false on the service account:

apiVersion: v1
kind: ServiceAccount
metadata:
  name: build-robot
automountServiceAccountToken: false

In version 1.6+, you can also opt out of automounting API credentials for a particular pod:

apiVersion: v1
kind: Pod
metadata:
  name: my-pod
spec:
  serviceAccountName: build-robot
  automountServiceAccountToken: false

So double check your pod file and check your ServiceAccount configuration with kubectl describe serviceaccount build-robot to see if you are disabling the automount.

Upvotes: 7

Related Questions