I have a few Kubernetes service accounts.
I want to log in to the Kubernetes dashboard.
$ kubectl get sa -n kubernetes-dashboard
NAME                   SECRETS   AGE
whitebear              0         9m37s
default                0         15m
kubernetes-dashboard   0         15m
However, the service account doesn't have a token.
$ kubectl describe sa whitebear -n kubernetes-dashboard
Name:                whitebear
Namespace:           kubernetes-dashboard
Labels:              <none>
Annotations:         <none>
Image pull secrets:  <none>
Mountable secrets:   <none>
Tokens:              <none>
Events:              <none>
How can I create a token for the account?
I am using Docker for Mac, a local environment.
Thank you very much.
Solution
Thanks to @Sai Chandini Routhu!!
I made a token and logged in successfully:
kubectl create token default
However, it was not enough to use the dashboard.
I made a cluster role:
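kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  namespace: default   # ClusterRoles are not namespaced
  name: service-reader
rules:
- apiGroups: [""]      # "" indicates the core API group
  resources: ["*"]     # "*" matches every resource in the core group, Secrets included
  verbs: ["*"]         # "*" allows every verb, not only read access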
Then I bound this to my account:
kubectl create clusterrolebinding service-reader-pod \
  --clusterrole=service-reader \
  --serviceaccount=default:whitebear
Now I can log in and operate the dashboard!
2 Answers
Tokens are not generated by default for ServiceAccounts since Kubernetes version 1.22. To create a long-lived ServiceAccount token in a Secret, see this documentation, which says:
Solution as
Any processes or applications running inside the pod of the Kubernetes cluster can gain access to the cluster by obtaining service account authentication from the API server.
As per this doc by @pramodAIML
Refer to this doc for more information about Using service account tokens to connect with the API server.
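Added example (not part of the original question or answers): a token returned by `kubectl create token` is a JWT whose `sub` claim names the namespace and service account it was issued for and whose `exp` claim bounds its lifetime. This Python sketch decodes those claims for inspection only, without verifying the signature; the function names, the issuer URL, the timestamps and the sample token are constructed for illustration.

```python
import base64
import json
import time


def b64url(raw):
    """Base64url-encode bytes without padding, as JWT segments are."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def make_sample_token(namespace, name, iat, ttl):
    """Build a CONSTRUCTED token shaped like a service account JWT (fake signature)."""
    header = {"alg": "RS256", "kid": "constructed-key-id"}
    payload = {
        "iss": "https://kubernetes.default.svc.cluster.local",  # constructed issuer
        "sub": f"system:serviceaccount:{namespace}:{name}",
        "iat": iat,
        "exp": iat + ttl,
    }
    segments = [b64url(json.dumps(part).encode()) for part in (header, payload)]
    return ".".join(segments + [b64url(b"not-a-real-signature")])


def decode_claims(token):
    """Return the payload claims WITHOUT verifying the signature (inspection only)."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def summarize(token, now=None):
    """Report which service account the token is for and whether it has expired."""
    claims = decode_claims(token)
    subject = claims.get("sub", "").split(":")
    if len(subject) != 4 or subject[:2] != ["system", "serviceaccount"]:
        raise ValueError("subject is not a service account")
    now = time.time() if now is None else now
    return {
        "namespace": subject[2],
        "serviceaccount": subject[3],
        "lifetime_seconds": claims["exp"] - claims["iat"],
        "expired": now >= claims["exp"],
    }


if __name__ == "__main__":
    issued = 1_700_000_000  # constructed issue time
    sample = make_sample_token("kubernetes-dashboard", "whitebear", issued, 3600)
    print(summarize(sample, now=issued + 60))
```

Passing the output of `kubectl create token <name> -n <namespace>` to `summarize` shows whether the token belongs to the account that the role binding names.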