Kubeconfig generation not working in k8s clsuter with version higher than 1.24 #168
Comments
|
hi @colteanDeviqon, thanks for your report! We are aware of the problem, and we'll try to come up with a solution as soon as time will allow it :) |
|
Hello,
As a workaround what I do is I first create the user in permission-manager
, configure the rights and before trying to get the kubeconfig I am running
this script with the user name as a first parameter:
saname=$1
secret_name=${saname}-token-$(uuidgen | tr -dc 'a-zA-Z0-9' | fold -w 5 |
head -n 1)
kubectl apply -f << EOF -
apiVersion: v1
kind: Secret
type: kubernetes.io/service-account-token
metadata:
name: ${secret_name}
namespace: permission-manager
annotations:
kubernetes.io/service-account.name: ${saname}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: ${saname}
namespace: permission-manager
secrets:
- name: ${secret_name}
EOF
I hope this helps :)
Cristian
…On Tue, 29 Aug 2023 at 02:28, Andrei Malafeev ***@***.***> wrote:
***@***.*** <https://github.com/colteanDeviqon>, спасибо за
отчет! Мы знаем о проблеме и постараемся найти решение, как только позволит
время :)
Were you able to find a solution to the problem?
—
Reply to this email directly, view it on GitHub
<#168 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/A7CRMPWXGFFEQJ6AXHOFMPDXXUSRJANCNFSM6AAAAAAXZSIIQQ>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
|
Yes thank you! I did the same with token generation. After creating the secret, mount it to the "empty" service account and everything will work. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello,
I have installed permission manager chart version 1.8.0 in a 1.24.2 cluster and when trying to get a kubeconfig for a new user the permission-manager just crashes and restarts without generating the config.
From investigation it looks like starting version 1.24 the LegacyServiceAccountTokenNoAutoGeneration feature gate is beta, and enabled by default which means that service account tokens are no longer auto-generated for every ServiceAccount.
So it looks like the token is not creating for service accounts and thus it cannot generate the kubeconfig for the service accounts.
The text was updated successfully, but these errors were encountered: