Service account token not being mounted

dE.logics · April 29, 2019, 9:28am

Hi.
I’ve create a service account for helm; the account works with kubectl, but the service account token is not being mounted in tiller’s pod. Here’s the Deployment’s definition –
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
annotations:
deployment.kubernetes.io/revision: “1”
creationTimestamp: 2019-04-29T08:56:59Z
generation: 1
labels:
app: helm
name: tiller
name: tiller-deploy
namespace: kube-system
resourceVersion: “560527”
selfLink: /apis/extensions/v1beta1/namespaces/kube-system/deployments/tiller-deploy
uid: bf5f4010-6a5c-11e9-b714-52540012345d
spec:
replicas: 1
selector:
matchLabels:
app: helm
name: tiller
strategy:
rollingUpdate:
maxSurge: 1
maxUnavailable: 1
type: RollingUpdate
template:
metadata:
creationTimestamp: null
labels:
app: helm
name: tiller
spec:
automountServiceAccountToken: true
containers:
- env:
- name: TILLER_NAMESPACE
value: kube-system
- name: TILLER_HISTORY_MAX
value: “0”
image: kubernetes-helm/tiller:v2.13.1
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
httpGet:
path: /liveness
port: 44135
scheme: HTTP
initialDelaySeconds: 1
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
name: tiller
ports:
- containerPort: 44134
hostPort: 44134
name: tiller
protocol: TCP
- containerPort: 44135
hostPort: 44135
name: http
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /readiness
port: 44135
scheme: HTTP
initialDelaySeconds: 1
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
dnsPolicy: ClusterFirst
hostNetwork: true
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
serviceAccount: tiller
serviceAccountName: tiller
terminationGracePeriodSeconds: 30

Here’s the service account definition –
apiVersion: v1
kind: ServiceAccount
metadata:
name: tiller
namespace: kube-system
automountServiceAccountToken: true
—
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: tiller
subjects:
- kind: ServiceAccount
name: tiller
namespace: kube-system
roleRef:
kind: ClusterRole
name: cluster-admin
apiGroup: rbac.authorization.k8s.io

Cluster information:

Kubernetes version: 1.8.2
Cloud being used: bare-metal
Installation method: manual
Host OS: Debian 9
CNI and version: n/a
CRI and version: n/a

PS: preformatted text is not working.

Topic		Replies	Views
Why are the secret content of the default serveraccount are mounted inside the pod? General Discussions	0	494	September 24, 2021
Add custom claims into bound service account JWT token? General Discussions authn , authz	0	750	October 24, 2022
Relation of Mounting NFS shares in Pod and serviceaccounts in Kubernetes General Discussions docs , security , network	0	14	October 14, 2024
Is there an API to retrieve service account token Windows	0	650	April 15, 2020
Can you have two containers in a pod have different service accounts? General Discussions	2	2714	May 18, 2024

Service account token not being mounted

Cluster information:

Related topics