Skip to content

Kubernetes Secrets

As of Kubernetes v1.24, secrets are no longer automatically created for service accounts.

You must create a secret manually: Find out how to create these yourself manually .

You must make the secret discoverable. You have two options:

Option 1 - Discovery By Name

Name your secret ${serviceAccountName}.service-account-token.

apiVersion: v1
kind: Secret
  name: default.service-account-token
  annotations: default

This option is simpler than option 2, as you can combine creating the secret with making it discoverable by name.

Option 2 - Discovery By Annotation

Annotate the service account with the secret name:

apiVersion: v1
kind: ServiceAccount
  name: default
  annotations: my-token

This option is useful when the secret already exists, or the service account has a very long name.


Back to top