How do you mount a k8s service account token as an enviromnet variable?

Matt

7/6/23, 11:29 PM

When you associate a service account to a pod, it gets mounted in the /var/run/secrets/kubernetes.io/ folder, but I don't see a way to add the secret as an environment variable. The issue is that setting up a reference in the pod to a service account's secret is not possible because the secret generated from service account has an auto generated name. So you can't use env.valueFrom.secretKeyRef in the pod config. Is there a way to do this without creating a secret manually?

115

0 + 0

kubernetes

mozello

7/7/23, 4:36 PM

What Kubernetes version are you using?

Matt

7/8/23, 12:57 PM

@mozello 1.23.3

Score:1

Server

Matt

7/8/23, 1:04 PM

I haven't found a native Kubernetes way to solve this problem, but I solved it with terraform. The service_account resource provides the default_secret_name which allows me to reference the secret in the deployment (or pod).

resource "kubernetes_service_account_v1" "my_service_account" {
  metadata {
    name      = "my-service-account"
  }
}

...

resource "kubernetes_deployment_v1" "my_deployment" {
  ...
  env {
    name = "SOME_SECRET"
    value_from {
      secret_key_ref {
        name = kubernetes_service_account_v1.my_service_account.default_secret_name
        key  = "token"
      }
    }
  }
  ...
}

0 + 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: How do you mount a k8s service account token as an enviromnet variable?

TH: คุณจะเมานต์โทเค็นบัญชีบริการ k8s เป็นตัวแปรสภาพแวดล้อมได้อย่างไร

RO: Cum montezi un token de cont de serviciu k8s ca variabilă de mediu?

RU: Как вы монтируете токен сервисной учетной записи k8s в качестве переменной среды?

VI: Làm cách nào để bạn gắn mã thông báo tài khoản dịch vụ k8s dưới dạng biến môi trường?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.