Score:0

How do you mount a k8s service account token as an environment variable?

When you associate a service account with a pod, it gets mounted in the /var/run/secrets/kubernetes.io/ folder, but I don't see a way to add the secret as an environment variable. The issue is that setting up a reference in the pod to a service account's secret is not possible because the secret generated from a service account has an auto-generated name. So you can't use env.valueFrom.secretKeyRef in the pod config. Is there a way to do this without creating a secret manually?

mozello
What Kubernetes version are you using?
@mozello 1.23.3
Score:1

I haven't found a native Kubernetes way to solve this problem, but I solved it with Terraform. The service_account resource provides default_secret_name, which allows me to reference the secret in the deployment (or pod).

resource "kubernetes_service_account_v1" "my_service_account" {
  metadata {
    name      = "my-service-account"
  }
}

...

resource "kubernetes_deployment_v1" "my_deployment" {
  ...
  env {
    name = "SOME_SECRET"
    value_from {
      secret_key_ref {
        name = kubernetes_service_account_v1.my_service_account.default_secret_name
        key  = "token"
      }
    }
  }
  ...
}
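
An added example, not part of the original answer: Kubernetes 1.24 and later no longer auto-create a token Secret for a service account, so default_secret_name comes back empty there; this configuration declares the token Secret explicitly under a fixed name and references that instead. It assumes a configured kubernetes provider, and all resource names, labels and the image are placeholders.

```hcl
# Added example: resource names, labels and image are placeholders.
resource "kubernetes_service_account_v1" "example" {
  metadata {
    name = "my-service-account"
  }
}

# Explicit token Secret with a name you choose. The control plane fills in
# the "token", "ca.crt" and "namespace" keys for the annotated service account.
resource "kubernetes_secret_v1" "example_token" {
  metadata {
    name = "my-service-account-token"
    annotations = {
      "kubernetes.io/service-account.name" = kubernetes_service_account_v1.example.metadata[0].name
    }
  }
  type = "kubernetes.io/service-account-token"
}

resource "kubernetes_deployment_v1" "example" {
  metadata {
    name = "my-deployment"
  }
  spec {
    selector {
      match_labels = { app = "my-app" }
    }
    template {
      metadata {
        labels = { app = "my-app" }
      }
      spec {
        service_account_name = kubernetes_service_account_v1.example.metadata[0].name
        container {
          name  = "app"
          image = "registry.example.com/my-app:1.0" # placeholder image
          env {
            name = "SOME_SECRET"
            value_from {
              secret_key_ref {
                # Fixed, known name: no dependency on an auto-generated Secret.
                name = kubernetes_secret_v1.example_token.metadata[0].name
                key  = "token"
              }
            }
          }
        }
      }
    }
  }
}
```

A token stored in a Secret of this type does not expire, unlike the projected token file mounted into the pod, and an environment variable is readable by anything that can inspect the container's environment. Bind the service account to the narrowest RBAC role the workload needs.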