84 questions
0
votes
0
answers
22
views
Using Federated Credentials Flow with Webclient in Springboot
What we have and want:
Currently we make use of the standard clientCredentials flow like it's explained here: https://www.baeldung.com/spring-webclient-oauth2#1-client-and-provider-configurations
We ...
1
vote
0
answers
58
views
fake client gives error using CreateToken operation for ServiceAccounts
I have the below code in a test function
import (
"k8s.io/client-go/kubernetes/fake"
)
// Mock Kubernetes client
k8sClient := fake.NewClientset()
// Mock service account
...
- 95
0
votes
0
answers
362
views
Getting service acount credential in GKE
I have GKE cluster that uses a custom service-account. I'm using it to access Google API (Gmail API). But, when I use
final List<String> SCOPES = List.of(GmailScopes.GMAIL_READONLY);
...
- 1,072
0
votes
1
answer
2k
views
Setting Up Backstage with Guest Authentication on a Kubernetes Cluster
I'm working on deploying Backstage on a Kubernetes cluster using the Helm chart and looking to enable guest user access for development purposes. However, I'm encountering a "501 Not Implemented&...
- 653
0
votes
1
answer
207
views
How to enable AWS S3 Caching on Please Build in a Pod on AWS EKS Kubernetes cluster?
I'm using Please Build to build different modules of my app in a Jenkins job that runs inside an AWS EKS Kubernetes cluster on a linux AWS EC2 instance in a pod using jenkins/slave.jar in a debian ...
- 5,920
0
votes
0
answers
178
views
cannot access the statsd metrics endpoint from withing its pod calling localhost
I am creating a local cluster as below:
# kind-cluster.yaml
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
containerdConfigPatches:
- |-
[plugins."io.containerd.grpc.v1.cri".registry....
- 2,555
0
votes
1
answer
2k
views
Scaling Up/Down kubernetes deployments using only cronjobs and Service Accounts
I've a workload that requires some deployments to be scaled up/down at certain hours of the day. Since the load is predictable, I didn't want to spend much time setting up HPA because it's a total ...
- 1
3
votes
1
answer
513
views
What is the difference between google_project_iam and google_service_account_iam?
Regarding these two Terraform GCP resources : google_project_iam and google_service_account_iam
I can't fully grasp the differences and use cases were you should use one over the other. I might have ...
- 81
0
votes
0
answers
30
views
Not able to get external IP while running load balancer service in k8s, using aws cloud
I am trying to create load balancer service in k8s, However after creating the service, I should have received external IP but not able to see or get. Please find my service.yaml file or output as ...
- 11
2
votes
0
answers
560
views
Changing Role permissions for an active (in-use) ServiceAccount in Kubernetes
Suppose a simple RBAC setup in Kubernetes (assuming default namespace for simplicity):
ServiceAccount + Role + RoleBinding
The role has allows to get and list verbs for pods and pods/log
a Pod using ...
- 761
9
votes
1
answer
5k
views
Can we associate K8s serviceAccount with multiple aws IAM role
is it possible in eks to associate serviceAccount with multiple aws IAM roles? am I allowed to provide multiple arns in service account annotations?
eg
apiVersion: v1
kind: ServiceAccount
metadata:
...
- 149
1
vote
1
answer
442
views
Getting error while deploying istio version 1.16, pods are getting crashed
I am deploying to version 1.16 but the pods are getting crashed below are the pod's error.
istiod pod:
2023-03-21T11:58:09.768255Z info kube controller "extensions.istio.io/v1alpha1/WasmPlugin&...
0
votes
1
answer
895
views
Create secret for my service account but the created service account always show me 0 secret associated with it
My NodeJS microservice is deployed to k8s cluster.
I am running this with my local Docker Desktop k8s environment.
I would like this microservice to access the k8s API server. For that, I guess I ...
- 6,119
1
vote
1
answer
1k
views
Deploy ServiceAccount, ClusterRole & ClusterRoleBinding failure
My NodeJS microservice is deployed to k8s cluster.
I would like this microservice to access the k8s API server. For that, I guess I need to create a ServiceAccount for it. So I did this:
apiVersion: ...
- 6,119
0
votes
1
answer
529
views
Allow K8s serviceAccount to read clusterroles, problem when trying to deploy ingress-nginx helm chart with jenkins
I'm trying to deploy ingress-nginx helm chart to K8s with Jenkins running in container.
Kubernetes version: 1.25.4 and
Helm chart: https://artifacthub.io/packages/helm/ingress-nginx/ingress-nginx
I ...
- 51
0
votes
1
answer
451
views
In Kubernetes if I create a rolebinding with a serviceaccount subject without namespace defined ¿which sa is used?
I can create a rolebinding like this
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: test
namespace: rolebinding-ns
subjects:
- kind: ServiceAccount
name: default
...
- 1
4
votes
1
answer
2k
views
How to use kubernetes service account with golang?
Actually, I use kubernetes service accounts mostly with NodeJS, and this works fine, but I have this one service made in Go and I can't seem to make it work with service accounts (I know that the ...
0
votes
0
answers
88
views
Is it possible to use AWS service account in dotnet application instead AWS credentials
Currently, my dotnet application is using AWS credentials but I would like to replace it with service account token. I don't see a way to do that in AWS documentation.
- 689
0
votes
1
answer
1k
views
Default ServiceAccount k8s
I'm a little confused about the default Service Account in new created Namespace in my Minikube.
Does it have any permissions? It seems not because I can't find any rolebinding or clusterrolebindung ...
- 103
0
votes
0
answers
207
views
Is it necessary to add IRSA to aws-auth config map for the corresponding pod to be able to update kube objects
I have a service running inside the EKS cluster which reads/adds/updates/patches different kubernetes objects across multiple namespaces. For this to work, I did the following:
Create an IAM Role =&...
- 1,369
3
votes
2
answers
2k
views
Why new created ServiceAccount has 0 secrets
I have Kubernetes version 1.24.3, and I created a new service account named "deployer", but when I checked it, it shows it doesn't have any secrets.
This is how I created the service account:...
- 13.9k
0
votes
0
answers
276
views
How to access an AWS Resource with the role attached to Kubernetes pod?
I am running a web service in Kubernetes environment. I have attached a role (custom_role) to the pod.
This role has permission to access SQS queue.
Now, how do I utilize this role while accessing the ...
- 45
0
votes
0
answers
69
views
Kubernetes user format
I'm trying to create a pipeline to deploy on Kubernetes. I get an error that the user "system:serviceaccount:my-namespace:default" doesn't have permission to read secrets.
I've installed ...
- 87
1
vote
1
answer
801
views
How to hide a namespace for specific user on kubernetes
I have three namespaces
prod
dev
stage
And I have two users
prod-user : have full access for "prod" namespaces but have no access for "dev" and "stage"
dev-user : have ...
- 11
0
votes
1
answer
441
views
How to associate a Deployment/Pod to a non-default service account by default
When we do not specify any service account in the deployment/pod manifests, it gets associated with the "default" service account in the corresponding namespace.
My question is, can this ...
- 13