Secret type service-account-token cannot be created #254
Comments
I'm having the same issue, any updates on this?
Bumped on this also. Trying to create a service account using terraform and I can't create the secret for that service account.
@Dariusch removing the type property
@cupojoe yes, removing the type property creates a simple secret.
I see. Well, hopefully, there will be a solution soon.
I have the same issue here, anyone having a solution for this or a workaround? I really need it to be of type kubernetes.io/service-account-token.
Yes, there is a "temporary" fix by patching it via the null_resource.
```hcl
resource "null_resource" "patch" {
  # Look up the secret attached to the service account, then merge-patch its data.
  provisioner "local-exec" {
    command = <<EOF
SA_SECRET_NAME=$(kubectl get sa ${var.service_account_name} -o jsonpath="{.secrets[*]['name']}");
kubectl patch secret $SA_SECRET_NAME --type=merge -p='{"data":{"key":"'value'"}}';
EOF
  }
}
```
@Dariusch A fix for the limitation on ‘internal Kubernetes annotations’ has been released in 1.7.0. Given you should now be able to add that second annotation, does that resolve this issue?
I believe the annotation should be But then on secret creation I have this weird error: Terraform doesn't seem to like the type property with this value
You need to specify namespace for the secret. This is the correct example that works for me:
This issue has been open 180 days with no activity. If this issue is reproducible with the latest version of the provider and with Terraform 0.12, please comment. Otherwise this issue will be closed in 30 days.
I am on 0.12 and keep getting the error:
```
on .terraform/modules/gitlab_infra_runners/kubernetes.tf line 31, in resource "kubernetes_secret" "gitlab_kubernetes_secret":
```
I would like to avoid using a null resource but would like to get a definite answer if this issue has been fixed or not in 0.12.
This configuration works for me:
When also creating the service account in the same Terraform operation it is important to set the value of the "kubernetes.io/service-account.name" annotation via referencing the attribute on the SA resource so that Terraform understands the order of dependencies and creates the SA before the secret.
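
A configuration of the kind described in the comment above, added here as an illustration; it is not the commenter's own configuration, which did not survive on this page. Resource names, object names and the namespace are hypothetical, and the syntax assumes Terraform 0.12.

```hcl
# Added example: names and namespace are hypothetical placeholders.
resource "kubernetes_service_account" "vault_auth" {
  metadata {
    name      = "vault-auth"
    namespace = "default"
  }
}

resource "kubernetes_secret" "vault_auth_token" {
  metadata {
    # Static name, so other configuration can refer to the secret directly.
    name = "vault-auth-token"

    # The secret must live in the same namespace as the service account.
    namespace = kubernetes_service_account.vault_auth.metadata[0].namespace

    annotations = {
      # The key is "service-account.name", not "service-account-token.name".
      # Referencing the SA attribute (instead of repeating the literal
      # "vault-auth") gives Terraform an implicit dependency, so the
      # service account is created before the secret.
      "kubernetes.io/service-account.name" = kubernetes_service_account.vault_auth.metadata[0].name
    }
  }

  # With this type and annotation, the cluster fills in the token data.
  type = "kubernetes.io/service-account-token"
}
```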
Closing since this issue has been awaiting response for 20 days.
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!
Terraform Version
Affected Resource(s)
Terraform Configuration Files
Debug Output
Setting the annotation via terraform produces another error:
results in
Error: kubernetes_secret.sa-secret: metadata.0.annotations: "kubernetes.io/service-account-token.name" is internal Kubernetes annotation
Expected Behavior
Create a secret type service-account-token
Actual Behavior
Error exit 1
Background Information
I am trying to script my HashiCorp Vault configuration.
I want to create a secret I can reference with a static name and then grant my vault backend config based on the service account's token stored in the secret.
For reading the secret I am waiting for #243 to be merged