Stack Overflow
Stack Overflow

Questions tagged [k8s-serviceaccount]

77 questions
0
votes
0 answers

AWS cluster - Testing cross account assumerole from a k8s service account to an IAM role

I have a cluster in one of my aws accounts (account id 111111) and a kubernetes service account called "my-sa" in this cluster. In another aws account (account id 22222), I have a IAM policy to read dynamodb table and this policy is attached to a…
davidbilla
  • 2,120
  • 1
  • 15
  • 26
0
votes
1 answer

Error looking up service account when using role binding

I have a helm chart that I have created. In this chart, I have a template for a Job with a post-install hook (code below), custom resource, and config map. apiVersion: batch/v1 kind: Job metadata: name: postinstall-hook annotations: …
Ido Segal
  • 430
  • 2
  • 7
  • 20
0
votes
0 answers

Possible to give Fluentd access to secured OpenSearch domain using IAM?

Describe the issue I'm using the fluent-operator to deploy fluentdbit to collect logs and fluentd to process and send to an OpenSearch domain with advanced security configuration. It works with open domains, but not with secured ones. I noticed the…
Kaio H. Cunha
  • 211
  • 2
  • 10
0
votes
1 answer

EKS Service Account Annotation

I have a service account, and this needs access to multiple aws services. Is there any way we could specify multiple role an annotations, or do we expect to create a generic role and give access to all the required services? The below not…
enthusiast
  • 355
  • 1
  • 5
  • 16
0
votes
1 answer

Create secret for my service account but the created service account always show me 0 secret associated with it

My NodeJS microservice is deployed to k8s cluster. I am running this with my local Docker Desktop k8s environment. I would like this microservice to access the k8s API server. For that, I guess I need to create a ServiceAccount for it. So I did…
user842225
  • 5,445
  • 15
  • 69
  • 119
0
votes
0 answers

Restarting Deployments in AKS Cluster from inside a container

I have a program which can fire kubectl commands to fetch all the namespaces and then loop through each namespace to restart the deployments present in that namespace. This program is on my machine and I want to deploy it to the AKS Cluster and…
Abhijit
  • 25
  • 5
0
votes
1 answer

How to get secrets from AWS Secrets manager in EKS using CSI driver

Hi I am working on a POC, where I have to bring Secrets form AWS secrets manager in a EKS Pod, But I am getting this error. MountVolume.SetUp failed for volume "secrets-store-inline" : rpc error: code = Unknown desc = failed to mount secrets store…
Jaipal Solanki
  • 1
  • 2
0
votes
1 answer

Allow K8s serviceAccount to read clusterroles, problem when trying to deploy ingress-nginx helm chart with jenkins

I'm trying to deploy ingress-nginx helm chart to K8s with Jenkins running in container. Kubernetes version: 1.25.4 and Helm chart: https://artifacthub.io/packages/helm/ingress-nginx/ingress-nginx I have created service account for Jenkins to access…
mr.Gray
  • 51
  • 5
0
votes
1 answer

How to add automountServiceAccountToken: false using Helm

I have been trying to add automountServiceAccountToken: false into deployment using helm but my changes are reflecting inside deployment in kubernetes. I tried below in helpers.tpl {{- ".automountserviceaccounttoken" }} {{- default…
Ravindra Kumar
  • 19
  • 1
0
votes
0 answers

Kubernetes deployment with token from service account - how to specify multiple token audiences?

I know that in Kubernetes deployments we can use projected volume to mount a token from a Service Account. Additionally, we can specify audience for the token. The problem is that I need multiple audiences, not just one. Please see the yaml I use…
Boring person
  • 443
  • 1
  • 5
  • 12
0
votes
1 answer

In Kubernetes if I create a rolebinding with a serviceaccount subject without namespace defined ¿which sa is used?

I can create a rolebinding like this kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: test namespace: rolebinding-ns subjects: - kind: ServiceAccount name: default roleRef: apiGroup: rbac.authorization.k8s.io …
Roberto
  • 1
  • 1
0
votes
0 answers

Error while checking for service account using Lookup Function

{{- if not (lookup "v1" "ServiceAccount" "{{.Release.Namespace}}" "{{ .Release.preinstall }}" ) }} << another service account >> {{- end }} While using lookup function for checking that if service account is already present it will not create…
Shrey Saxena
  • 1
0
votes
0 answers

Is it possible to use AWS service account in dotnet application instead AWS credentials

Currently, my dotnet application is using AWS credentials but I would like to replace it with service account token. I don't see a way to do that in AWS documentation.
Psdet
  • 659
  • 9
  • 24
0
votes
1 answer

Default ServiceAccount k8s

I'm a little confused about the default Service Account in new created Namespace in my Minikube. Does it have any permissions? It seems not because I can't find any rolebinding or clusterrolebindung which references this SA Then why is it created…
ralph
  • 73
  • 8
0
votes
1 answer

Resolving AssumeRoleWithWebIdentity

Following this guide, I cannot resolve the final fifth step, which fails with: An error occurred (AccessDenied) when calling the AssumeRoleWithWebIdentity operation: Not authorized to perform sts:AssumeRoleWithWebIdentity command terminated with…
noblerthanoedipus
  • 516
  • 2
  • 7
  • 23
1 2
3
4 5 6