Docker-Desktop for MAC Kubernetes not creating secrets or token for serviceaccounts

I'm just trying to create a simple service account. Theoretically, kubectl automatically creates the secret and token for service accounts... But, not in my case... I've done this in kube-system, default, and new/other namespaces.

me@mymachine ~ % kubectl create serviceaccount my-acct
serviceaccount/my-acct created
me@mymachine ~ % kubectl describe serviceaccount my-acct
Name:                my-acct
Namespace:           default
Labels:              <none>
Annotations:         <none>
Image pull secrets:  <none>
Mountable secrets:   <none>
Tokens:              <none>
Events:              <none>

I have reset the Kubernetes system. Uninstalled, removed ./kube/ and removed the Library... Still no secret created. All of my developers' machines (MAC as well, both Intel and M1) automatically create the account secret. Any ideas?



Solution 1:[1]

Docker-Desktop 4.7.1 includes the appropriate Kubernetes configuration for the controller manager and api service to automatically create secrets and tokens when creating a service account.

Docker-Desktop 4.8.x does not have this configuration. Fresh install or resetting the Kubernetes cluster will prevent the secret and token from automatically being created upon service account creation.

Solution 2:[2]

Disclaimer: This answer will not "fix" the automatic creation of secrets for service accounts, but shows how you can associate a secret to a service account.

For the newer Docker Desktop 4.8.1 (for Mac), you can create the secret manually:

kubectl apply -f - <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: default-secret
  annotations:
    kubernetes.io/service-account.name: default
type: kubernetes.io/service-account-token
EOF

And then you can associate the secret to the service account by editing the service account configuration. Run:

kubectl edit serviceaccounts default

There you can add the secret, at the end, like:

apiVersion: v1
kind: ServiceAccount
metadata:
  creationTimestamp: "XXXX-XX-XXTXX:XX:XXZ"
  name: default
  namespace: default
  resourceVersion: "XXXX"
  uid: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
secrets:
- name: default-secret

After that, you'll be able to use the token for the required purposes.
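
A scripted form of the manual workaround in Solution 2, as an added example that is not part of the original answers: it creates the token Secret, links it to the service account, waits for the cluster to fill in `.data.token`, and checks that the token's `sub` claim names the intended account. The function names and the `<sa>-token` Secret name are assumptions; a token issued through such a Secret does not expire, so delete the Secret once it is no longer needed.

```shell
#!/bin/sh
# Added example: function names and the "<sa>-token" Secret name are assumptions.

# Print a service-account-token Secret manifest: namespace, account, secret name.
sa_token_manifest() {
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $3
  namespace: $1
  annotations:
    kubernetes.io/service-account.name: $2
type: kubernetes.io/service-account-token
EOF
}

# Decode the payload (second dot-separated segment) of a JWT to JSON text.
jwt_payload() {
  seg=$(printf '%s' "$1" | cut -d. -f2 | tr '_-' '/+')   # base64url -> base64
  case $(( ${#seg} % 4 )) in                             # restore stripped padding
    2) seg="$seg==" ;;
    3) seg="$seg=" ;;
  esac
  printf '%s' "$seg" | base64 -d                         # older macOS: base64 -D
}

# Succeed only if the token's "sub" claim names service account $3 in namespace $2.
# Sanity check only: the signature is not verified here.
token_belongs_to() {
  jwt_payload "$1" | tr -d ' \t\n' |
    grep -qF "\"sub\":\"system:serviceaccount:$2:$3\""
}

# Create the Secret, link it to the account, wait for the token, then check it.
bind_and_verify() {
  ns=$1 sa=$2 secret="$2-token"
  sa_token_manifest "$ns" "$sa" "$secret" | kubectl apply -f - || return 1
  kubectl -n "$ns" patch serviceaccount "$sa" \
    -p "{\"secrets\":[{\"name\":\"$secret\"}]}" || return 1
  for i in 1 2 3 4 5; do                                 # token is filled in asynchronously
    tok=$(kubectl -n "$ns" get secret "$secret" -o jsonpath='{.data.token}' | base64 -d)
    [ -n "$tok" ] && break
    sleep 1
  done
  [ -n "$tok" ] && token_belongs_to "$tok" "$ns" "$sa"
}
```

Source the file and run `bind_and_verify default my-acct` against the cluster; a non-zero exit status means the token was never populated or belongs to a different account.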

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 icetnet
Solution 2 camikiller