Skip to main content
84 questions
Newest Active Bountied Unanswered
Filter by
Sorted by
Tagged with
0 votes
0 answers
23 views

What we have and want: Currently we make use of the standard clientCredentials flow like it's explained here: https://www.baeldung.com/spring-webclient-oauth2#1-client-and-provider-configurations We ...
TheBuster's user avatar
  • 1
2 votes
0 answers
61 views

I have a Java service that uses the Fabric8 Kubernetes Java Client to connect to a Kubernetes cluster. When I run the service locally using java -jar, it works perfectly. However, when I build a ...
radhakrishna rk rawat's user avatar
  • 21
1 vote
0 answers
59 views

I have the below code in a test function import ( "k8s.io/client-go/kubernetes/fake" ) // Mock Kubernetes client k8sClient := fake.NewClientset() // Mock service account ...
G13's user avatar
  • 95
1 vote
0 answers
69 views

Currently we are running EKS cluster in AWS. We have created service account and annotated with IAM role. Current scenario: We are running a python script using Boto3 inside a docker container within ...
Muneeshpandi's user avatar
  • 464
0 votes
0 answers
369 views

I have GKE cluster that uses a custom service-account. I'm using it to access Google API (Gmail API). But, when I use final List<String> SCOPES = List.of(GmailScopes.GMAIL_READONLY); ...
anz's user avatar
  • 1,072
0 votes
1 answer
202 views

I'm attempting to retrieve a secret from AWS Secret Manager within my EKS cluster. I've followed the steps outlined in the eksworkshop_secret_manager. However, after the secret is written to the pod ...
andrea-anf's user avatar
  • 53
0 votes
1 answer
2k views

I'm working on deploying Backstage on a Kubernetes cluster using the Helm chart and looking to enable guest user access for development purposes. However, I'm encountering a "501 Not Implemented&...
ZSH's user avatar
  • 653
-1 votes
1 answer
212 views

i have a problem when i try to create a cluster on GCP through terraform. It is a permission error on the default nood. So i have my project, and i use a service account host with owner rights. I have ...
Harout's user avatar
  • 7
0 votes
1 answer
208 views

I'm using Please Build to build different modules of my app in a Jenkins job that runs inside an AWS EKS Kubernetes cluster on a linux AWS EC2 instance in a pod using jenkins/slave.jar in a debian ...
Abdullah Khawer's user avatar
  • 5,920
1 vote
1 answer
930 views

RoleBinding subjects do have a namespace field, but when i create a RoleBinding in one namespace with subject in another, it doesn't seem it works. Full example: apiVersion: v1 kind: Namespace ...
draganHR's user avatar
  • 2,997
0 votes
0 answers
178 views

I am creating a local cluster as below: # kind-cluster.yaml kind: Cluster apiVersion: kind.x-k8s.io/v1alpha4 containerdConfigPatches: - |- [plugins."io.containerd.grpc.v1.cri".registry....
Amin Ba's user avatar
  • 2,565
1 vote
1 answer
267 views

I am trying to connect MinIO GO SDK with AWS EKS service account to work directly with AWS S3 but without any luck. I have tested it with AWS SDK and it works but doesn't work with the MinIO SDK. ...
right's user avatar
  • 252
0 votes
1 answer
2k views

I've a workload that requires some deployments to be scaled up/down at certain hours of the day. Since the load is predictable, I didn't want to spend much time setting up HPA because it's a total ...
Marian's user avatar
  • 1
-1 votes
1 answer
225 views

I need to know id node is spot or not. I found I can collect this data from node labels but case inside node details there is no GKE key label: cloud.google.com/gke-spot: "true" / "...
Adi Epshtain's user avatar
  • 845
3 votes
1 answer
514 views

Regarding these two Terraform GCP resources : google_project_iam and google_service_account_iam I can't fully grasp the differences and use cases were you should use one over the other. I might have ...
Coding_Maeda's user avatar
  • 81
0 votes
2 answers
606 views

we have an EKS cluster on 1.21. There is an nginx-ingress-controller-default-ingress-controller deployed with a Classic Load Balancer. Suddenly, its pods are crashing with following errors. I0815 04:...
Nisarg's user avatar
  • 336
0 votes
0 answers
30 views

I am trying to create load balancer service in k8s, However after creating the service, I should have received external IP but not able to see or get. Please find my service.yaml file or output as ...
love arora's user avatar
  • 11
0 votes
1 answer
372 views

I have created a K8 service account token using following command; kubectl create serviceaccount test-sat-account I have deployment yaml for a dotnet service and I am importing the above token in a ...
Abhijit's user avatar
  • 185
2 votes
0 answers
560 views

Suppose a simple RBAC setup in Kubernetes (assuming default namespace for simplicity): ServiceAccount + Role + RoleBinding The role has allows to get and list verbs for pods and pods/log a Pod using ...
Ilya Ayzenshtok's user avatar
  • 761
3 votes
1 answer
3k views

I am fairly new to cloud and GCP. So, we have an application which uses pub sub, cloud storage, cloud sql and secret manager. This is deployed using helm chart. All services uses different service ...
ankit_'s user avatar
  • 31
9 votes
1 answer
5k views

is it possible in eks to associate serviceAccount with multiple aws IAM roles? am I allowed to provide multiple arns in service account annotations? eg apiVersion: v1 kind: ServiceAccount metadata: ...
NewGuy's user avatar
  • 149
1 vote
1 answer
2k views

I have a helm chart that I have created. In this chart, I have a template for a Job with a post-install hook (code below), custom resource, and config map. apiVersion: batch/v1 kind: Job metadata: ...
Ido Segal's user avatar
  • 422
1 vote
1 answer
447 views

I am deploying to version 1.16 but the pods are getting crashed below are the pod's error. istiod pod: 2023-03-21T11:58:09.768255Z info kube controller "extensions.istio.io/v1alpha1/WasmPlugin&...
Bhagavat Bhise's user avatar
  • 21
0 votes
1 answer
4k views

I have a service account, and this needs access to multiple aws services. Is there any way we could specify multiple role an annotations, or do we expect to create a generic role and give access to ...
enthusiast's user avatar
  • 405
0 votes
1 answer
899 views

My NodeJS microservice is deployed to k8s cluster. I am running this with my local Docker Desktop k8s environment. I would like this microservice to access the k8s API server. For that, I guess I ...
user842225's user avatar
  • 6,139
1 vote
1 answer
231 views

hi,guys,i got some issues when i'm going to running my kubernetes-dashboard😥. the details of the issue is: i cant access my dashboard in browser by using https://<master-ip>:<nodePort>(...
BugKiller's user avatar
  • 94
1 vote
1 answer
1k views

My NodeJS microservice is deployed to k8s cluster. I would like this microservice to access the k8s API server. For that, I guess I need to create a ServiceAccount for it. So I did this: apiVersion: ...
user842225's user avatar
  • 6,139
0 votes
1 answer
2k views

Hi I am working on a POC, where I have to bring Secrets form AWS secrets manager in a EKS Pod, But I am getting this error. MountVolume.SetUp failed for volume "secrets-store-inline" : rpc ...
Jaipal Solanki's user avatar
  • 11
0 votes
1 answer
532 views

I'm trying to deploy ingress-nginx helm chart to K8s with Jenkins running in container. Kubernetes version: 1.25.4 and Helm chart: https://artifacthub.io/packages/helm/ingress-nginx/ingress-nginx I ...
mr.Gray's user avatar
  • 51
0 votes
1 answer
1k views

I have been trying to add automountServiceAccountToken: false into deployment using helm but my changes are reflecting inside deployment in kubernetes. I tried below in helpers.tpl {{- "<chart-...
Ravindra Kumar's user avatar
  • 35
0 votes
1 answer
451 views

I can create a rolebinding like this kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: test namespace: rolebinding-ns subjects: - kind: ServiceAccount name: default ...
Roberto's user avatar
  • 1
1 vote
0 answers
474 views

I want to push some jobs.yml script to multiple Kubernetes clusters programmatically, connection details will be provided by customers and we can store it in encrypted format in DB or maybe S3. I'm ...
rohitcoder's user avatar
  • 400
4 votes
1 answer
2k views

Actually, I use kubernetes service accounts mostly with NodeJS, and this works fine, but I have this one service made in Go and I can't seem to make it work with service accounts (I know that the ...
David Nithael Torres Lima's user avatar
  • 437
0 votes
0 answers
108 views

{{- if not (lookup "v1" "ServiceAccount" "{{.Release.Namespace}}" "{{ .Release.preinstall }}" ) }} << another service account >> {{- end }} While ...
Shrey Saxena's user avatar
  • 1
0 votes
0 answers
89 views

Currently, my dotnet application is using AWS credentials but I would like to replace it with service account token. I don't see a way to do that in AWS documentation.
Psdet's user avatar
  • 689
2 votes
0 answers
3k views

I've Strimzi Kafka installed on GKE(GCP), and i'm trying to install Confluent Schema registry referring link - https://github.com/lsst-sqre/strimzi-registry-operator Steps followed: Installed ...
Karan Alang's user avatar
  • 1,111
0 votes
1 answer
1k views

I'm a little confused about the default Service Account in new created Namespace in my Minikube. Does it have any permissions? It seems not because I can't find any rolebinding or clusterrolebindung ...
ralph's user avatar
  • 103
0 votes
1 answer
3k views

Following this guide, I cannot resolve the final fifth step, which fails with: An error occurred (AccessDenied) when calling the AssumeRoleWithWebIdentity operation: Not authorized to perform sts:...
noblerthanoedipus's user avatar
  • 516
0 votes
0 answers
207 views

I have a service running inside the EKS cluster which reads/adds/updates/patches different kubernetes objects across multiple namespaces. For this to work, I did the following: Create an IAM Role =&...
Mukund Jalan's user avatar
  • 1,369
0 votes
0 answers
262 views

I'm going to have an unknown number of users access my K8s (specifically OpenShift if that helps) cluster. Each user will have their own random namespace. So I do not know the namespaces in advance ...
elatedgoat's user avatar
  • 41
3 votes
2 answers
2k views

I have Kubernetes version 1.24.3, and I created a new service account named "deployer", but when I checked it, it shows it doesn't have any secrets. This is how I created the service account:...
E235's user avatar
  • 13.9k
0 votes
2 answers
632 views

I deployed a service myservice to the k8s cluster. Using kubectl describe serivce ..., I can find that the service ip is 172.20.127.114 I am trying to figure out how this service ip is assigned. Is ...
yuyang's user avatar
  • 1,691
0 votes
0 answers
280 views

I am running a web service in Kubernetes environment. I have attached a role (custom_role) to the pod. This role has permission to access SQS queue. Now, how do I utilize this role while accessing the ...
Secure Blob's user avatar
  • 45
0 votes
1 answer
1k views

I am getting the following error when trying to use the kubectl command:- error: You must be logged in to the server (the server has asked for the client to provide credentials) i am using the eks and ...
tarun mittal's user avatar
  • 411
0 votes
0 answers
73 views

I'm trying to create a pipeline to deploy on Kubernetes. I get an error that the user "system:serviceaccount:my-namespace:default" doesn't have permission to read secrets. I've installed ...
Gfalco's user avatar
  • 87
0 votes
1 answer
823 views

I'd like to be able to detect inactive Service accounts and User accounts by using kubectl / rest api in my Kubernetes cluster. like for an example idle service account that has not been used for any ...
Yaron Avital's user avatar
  • 1,078
1 vote
1 answer
805 views

I have three namespaces prod dev stage And I have two users prod-user : have full access for "prod" namespaces but have no access for "dev" and "stage" dev-user : have ...
BOY's user avatar
  • 11
4 votes
0 answers
926 views

In a Go application run as a k8s Job, I am attempting to assume a serviceaccount <-> IAM Role when trying to GetObject from an S3 bucket. I attach a serviceAccountName field to the Job spec in ...
kingledion's user avatar
  • 2,550
0 votes
1 answer
443 views

When we do not specify any service account in the deployment/pod manifests, it gets associated with the "default" service account in the corresponding namespace. My question is, can this ...
Visa2Learn's user avatar
  • 13
0 votes
1 answer
1k views

Introduction : I am trying to deploy a RabbitMq Helm Chart to GKE, with my Gitlab CI/CD pipeline. The command I use to install my chart is: helm upgrade --install rabbitmq --create-namespace --...
Hamza Ince's user avatar
  • 704

1
2