I am trying to add a service account to the pod but I cannot see it being mounted to the pod with the kubectl describe pod.
i can see the default secret only mounted:
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-x2rs4 (ro)
Type: Projected (a volume that contains injected data from multiple sources)
can someone help with what i may be doing wrong here?
Please post the YAML used to create the pod
- image: nginx
Ok, looks fine
This is a directory what has been auto-mounted in the pod for the given service account
This directory will contain a file called
token which is a bearer token for access to the API server.
You will be able to perform whatever operations have been granted to the
pvviewer SA by any role bound to it.
how can i check if sa has been mounted correctly?
i steps i performed for solving this questions are
I think the pod would fail to create if the service account did not exist
k create sa
Image pull secrets: <none>
Mountable secrets: <none>
i cannot see any token mounted on it after i cretaed the sa
kubectl exec nginx -it -- /bin/sh
This gets you into the pod, then
ls -l /var/run/secrets/kubernetes.io/serviceaccount
and you should see a file called
yes i can see that
Then the SA token is mounted
but how can i be sure that this taken is from the sa i created and not the default sa
cant we see that in the k describe pod under volume mount?
Because you have told it to use a specific SA.
It’s only not going to be that SA if there is a bug in kubernetes - and that would be a very serious bug!
the spec you shared its from the pod.yaml only right
umm yess i do not see the SA and i am working on one of the kodecloud lab only.
Not sure if there is a bug or something else in it.
the steps i followed for my activity: