Join GitHub today
GitHub is home to over 31 million developers working together to host and review code, manage projects, and build software together.Sign up
Failed to deploy a secret with type kubernetes.io/service-account-token #4884
I am trying to deploy a secret containing a token linked to a service account using a Helm chart.
I notice that if I run a
But if I run debug when I'm deploying my release, order changes to the following:
Secret is created before ServiceAccount and so missing after, because k8s doesn't know the ServiceAccount it linked with. I also notice that applying the secret with
This behaviour can be easily reproduce by creating an empty chart and adding the following file in the templates:
Cloud Provider/Platform (AKS, GKE, Minikube etc.):
It is probably because of the installation order in tiller that makes the
I have this issue too, and I figured out what happened until I looked @guillomep 's comment.
And I tried to install the hook for the service account, make sure the service account installed before anything else. This hook can avoid the potential problem from dependencies. For example:
--- apiVersion: v1 kind: ServiceAccount metadata: name: multus-sa namespace: kube-system annotations: "helm.sh/hook": "pre-install" --- apiVersion: v1 kind: Secret metadata: name: multus-sa-secret namespace: kube-system annotations: kubernetes.io/service-account.name: multus-sa type: kubernetes.io/service-account-token
It forces helm to install