Serviceaccount with no secrets

peace_around · May 24, 2021, 9:08am

Team,

I was trying to to look into a interesting problem to create a serviceaccount with no secrets access but was not successful.

I was trying below yaml (from kubernetes doc):

apiVersion: v1
kind: ServiceAccount
metadata:
  name: build-robot
automountServiceAccountToken: false

I was able to see the mountable secrets portion everytime i describe the service account, even i delete secret it gets regenerated. Has sanyone come across similar issue.

Thanks in advance

peace_around · May 26, 2021, 4:00am

peace_around:

Team,

I was trying to to look into a interesting problem to create a serviceaccount with no secrets access but was not successful.

I was trying below yaml (from kubernetes doc):
apiVersion: v1
kind: ServiceAccount
metadata:
  name: build-robot
automountServiceAccountToken: false
I was able to see the mountable secrets portion everytime i describe the service account, even i delete secret it gets regenerated. Has sanyone come across similar issue.

anyone has faced similar problem?

Tej-Singh-Rana · June 16, 2021, 3:24pm

Hello, @peace_around
If you will set resource quota for secrets to “0” then you won’t see mountable secrets anymore.
Without it may not be possible.
It’s already written in the k8s docs. Please have a look for point number 3.