Reputation: 13640
Make secrete available for all namespaces in kubernetes
When you create a new namespace in Kubernetes there always will be a default-token secret available in it.
$ kubectl create namespace test
$ kubectl get secrets -n test
NAME TYPE DATA AGE
default-token-wh7hv kubernetes.io/service-account-token 3 6m10s
Question:
How can I create a secret that will be always available (as in above example) in newly created namespace?
Upvotes: 0
Views: 525
Answers (1)
Reputation: 142
default-token is used within the cluster and managed by the cluster. ServiceAccounts are intended to provide an identity for a Kubernetes Pod to be used by its container to authenticate and authorize them when performing API-requests to the Kubernetes API-server. Default ServiceAccount will be created when you create namespace.
Secret resources reside in a namespace. Secrets can only be referenced by Pods in that same namespace. If you want a way to create your own secret when additional ns created for that you will need an extra utility.
You can write a code to communicate with K8s API Check the namespace list periodically. Create a secret when an additional namespace created.
Upvotes: 1
Related Questions
- Is there a way to share secrets across namespaces in Kubernetes?
- Create secret for all namespaces
- Kubernetes global variables (for all namespaces)
- k8s Use secret from different namespace
- Using the Python kubernetes API, is there a way to list secrets in "my current namespace"?
- Creating secrets from env file configured to a certain namespace
- Specify a secret in YML WITH a namespace
- Isolate Secrets at Service layer in same namespace
- Multiple secrets on kubernetes
- Specific name to auto generated secret token of namespace in Kubernetes