Stack Overflow
Stack Overflow

Questions tagged [k8s-serviceaccount]

77 questions
0
votes
0 answers

Is it necessary to add IRSA to aws-auth config map for the corresponding pod to be able to update kube objects

I have a service running inside the EKS cluster which reads/adds/updates/patches different kubernetes objects across multiple namespaces. For this to work, I did the following: Create an IAM Role => service_account_role Attached…
Mukund Jalan
  • 1,145
  • 20
  • 39
0
votes
0 answers

Is there a way to grant access to a ServiceAccount from all namespaces in Kubernetes? Or a cluster-wide ServiceAccount?

I'm going to have an unknown number of users access my K8s (specifically OpenShift if that helps) cluster. Each user will have their own random namespace. So I do not know the namespaces in advance as they will be dynamically created. But I want…
elatedgoat
  • 11
  • 3
0
votes
2 answers

How is Kubernetes Service IP assigned and stored?

I deployed a service myservice to the k8s cluster. Using kubectl describe serivce ..., I can find that the service ip is 172.20.127.114 I am trying to figure out how this service ip is assigned. Is it assigned by K8s controller and stored in DNS? …
yuyang
  • 1,511
  • 2
  • 15
  • 40
0
votes
0 answers

How to access an AWS Resource with the role attached to Kubernetes pod?

I am running a web service in Kubernetes environment. I have attached a role (custom_role) to the pod. This role has permission to access SQS queue. Now, how do I utilize this role while accessing the SQS? This is how the current code looks like (in…
Secure Blob
  • 45
  • 1
  • 5
0
votes
1 answer

Getting error You must be logged in to the server (the server has asked for the client to provide credentials)

I am getting the following error when trying to use the kubectl command:- error: You must be logged in to the server (the server has asked for the client to provide credentials) i am using the eks and after successfully doing all the activity, i…
tarun mittal
  • 331
  • 4
  • 13
0
votes
0 answers

Kubernetes user format

I'm trying to create a pipeline to deploy on Kubernetes. I get an error that the user "system:serviceaccount:my-namespace:default" doesn't have permission to read secrets. I've installed gitlab-runner in the same my-namespace with all the possible…
Gfalco
  • 77
  • 3
  • 13
0
votes
1 answer

Is there a way to detect inactive Service / User Accounts in K8s cluster

I'd like to be able to detect inactive Service accounts and User accounts by using kubectl / rest api in my Kubernetes cluster. like for an example idle service account that has not been used for any resource for x days and it's safe to delete…
Yaron Avital
  • 588
  • 1
  • 4
  • 11
0
votes
1 answer

How to hide a namespace for specific user on kubernetes

I have three namespaces prod dev stage And I have two users prod-user : have full access for "prod" namespaces but have no access for "dev" and "stage" dev-user : have full access for "dev" and "stage" namespaces but don't have access on…
BOY
  • 1
  • 1
0
votes
0 answers

GitLab CI - namespace is forbidden for system:serviceaccount:gitlab-runner:default" cannot get resource "x"

I configured a gitlab ci yaml file that has 2 stages, build and deploy, the build stage consists of building the app in docker and pushing it to the gitlab container registry. The deploy stage consists of installing k8s and deploying the k8s yaml…
Ali Al Haj
  • 1
  • 1
0
votes
1 answer

How to associate a Deployment/Pod to a non-default service account by default

When we do not specify any service account in the deployment/pod manifests, it gets associated with the "default" service account in the corresponding namespace. My question is, can this behavior be changed so that by default, the deployment/pod…
Visa2Learn
  • 13
  • 3
0
votes
1 answer

Can't deploy bitnami/rabbitmq Helm Chart on GKE, permission to create role is required

Introduction : I am trying to deploy a RabbitMq Helm Chart to GKE, with my Gitlab CI/CD pipeline. The command I use to install my chart is: helm upgrade --install rabbitmq --create-namespace --namespace kubi-app-main -f…
Hamza Ince
  • 604
  • 17
  • 46
0
votes
1 answer

Cant create k8s dashboard service account

enter image description here I followed this tutorial https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md However, after finished all steps, i stll cant see any account while using kubectl get…
Lzjxc
  • 3
  • 1
0
votes
1 answer

How to write/use K8 Python client to create a new role, sa & role binding

I am currently figuring out what is the best way to programmatically manage the Kubernetes cluster (eks). I have come across a python Kubernetes client where I was able to load the local config and then create a namespace. I am running a jenkins job…
lankan
  • 15
  • 3
0
votes
1 answer

Why `ServiceAccount` exists, but there is no such entity for the regular human user?

When managing entities semantically connected with Kubernetes, it makes sense to let Kubernetes manage them. Kubernetes manages ServiceAccount as a resource kind, but does not have similar kinds for human users or groups. I'm wondering what is the…
J. Tarasov
  • 79
  • 1
  • 7
0
votes
1 answer

Exposing kubernetes service container running on my PC localhost via WLAN IP to enable connection from another PC with both PCs on the same router

I have a k8s service running on my PC locally and works fine. The Database and the services. everything works fine and are accessible via localhost on my browser and postman. However, I want to be able to connect to it via other PC/mobile app on the…
DevLayi
  • 55
  • 10
1 2 3
4
5 6