Default secret no longer being generated for service account, with Kubernetes 1.24.0

I am new to Terraform and Kubernetes. We are trying to get the service account secret token to pass to create the kubeconfig file. We were using the default_secret_name attribute of the kubernetes_service_account resource to get the same. With the 1.24 version, the default_secret_name attribute has been deprecated and we are asked to use the kubernetes_secret_v1 resource. We need help to get the method to retrieve the secret token.

Using the default_secret_name attribute, the token has been referenced as

data "kubernetes_secret" "service_account_secret" {
  metadata {
    name = "${kubernetes_service_account.admin_service_account.default_secret_name}"
  }
}
data "template_file" "kubeconfig" {

  vars = {

    token = "${data.kubernetes_secret.service_account_secret.data.token}"
  }
}

How do we refer to/get the token value using the kubernetes_secret_v1 resource?

Thanks!

You can’t - for that, you need to continue using the kubernetes_secret(_v1) data source, as in your existing code, in addition to using the resource.

Make sure you reference the resource’s name from the data source, so Terraform knows the data source depends on the resource:

data "kubernetes_secret_v1" "service_account_secret" {
  metadata {
    name = kubernetes_secret_v1.whatever_you_named_the_resource.metadata[0].name
  }
}

Thanks for your response. We tried to implement using the resource and the data resource and received the error.

  • When using kubernetes_service_account resource:

resource "kubernetes_service_account" "admin_service_account" {
  metadata {
    name = "admin-service-account"
  }
}

http://localhost/api/v1/namespaces/default/serviceaccounts/service-account-name”: dial tcp 127.0.0.1:80: connect: connection refused"

  • When using kubernetes_service_account_v1 resource:

resource "kubernetes_service_account_v1" "service_account_token" {
  metadata {
    name = "service_account_token"
  }
}

metadata.0.name a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, ‘-’ or ‘.’, and must start and end with an alphanumeric character (e.g. ‘example.com’, regex used for validation is ‘a-z0-9?(.a-z0-9?)*’)

Followed by resources:

resource "kubernetes_secret_v1" "my_service_account_token" {
  metadata {
    annotations = {
      "kubernetes.io/service-account.name" = "service_account_token"
    }
  }
  type = "kubernetes.io/service-account-token"
}

data "kubernetes_secret_v1" "service_account_secret" {
  metadata {
    name = "${kubernetes_secret_v1.my_service_account_token.metadata.0.name}"
  }
}

What must be the value of “name” in kubernetes_service_account_v1? Or is there something else we are missing?

You appear to have not configured the Terraform kubernetes provider with the URL of your Kubernetes API server.

Like it says, you picked a name which isn’t allowed for Kubernetes objects. Specifically, you’re not allowed to use underscore characters.

Please read Welcome to the forum - please reformat your message - the forum software is mangling the indentation of your copy/pasted configurations.

Wrapping every Terraform expression in "${ }" ceased to be required from Terraform 0.12 - you should stop using that deprecated syntax.

Whatever name you want to give your service account, of course?
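
The points raised in this thread, combined into one configuration as an added example that is not part of any post above: a configured provider, an RFC 1123-compliant service account name, an explicitly created token Secret, and a data source that reads it through a resource reference. The kubeconfig path, the resource labels, the object names and the "default" namespace are assumptions.

```hcl
terraform {
  required_providers {
    kubernetes = {
      source = "hashicorp/kubernetes"
    }
  }
}

# The provider needs the cluster's connection details; the "connection
# refused" error quoted in the thread shows requests going to localhost.
provider "kubernetes" {
  config_path = "~/.kube/config" # assumed location of an existing kubeconfig
}

resource "kubernetes_service_account_v1" "admin" {
  metadata {
    name      = "admin-service-account" # lowercase alphanumerics, '-' or '.'; no underscores
    namespace = "default"
  }
}

# Kubernetes 1.24+ no longer creates this Secret automatically. The control
# plane fills in the token once it sees this type and annotation.
resource "kubernetes_secret_v1" "admin_token" {
  metadata {
    name      = "admin-service-account-token" # assumed name
    namespace = kubernetes_service_account_v1.admin.metadata[0].namespace
    annotations = {
      "kubernetes.io/service-account.name" = kubernetes_service_account_v1.admin.metadata[0].name
    }
  }
  type = "kubernetes.io/service-account-token"
}

# Referencing the resource (not a literal name) makes Terraform read the
# Secret only after it has been created.
data "kubernetes_secret_v1" "admin_token" {
  metadata {
    name      = kubernetes_secret_v1.admin_token.metadata[0].name
    namespace = kubernetes_secret_v1.admin_token.metadata[0].namespace
  }
}

output "service_account_token" {
  value     = data.kubernetes_secret_v1.admin_token.data["token"]
  sensitive = true # hidden in plan/apply output, but still stored in state
}
```

The token ends up in the Terraform state in plaintext, so access to the state backend should be restricted to the same degree as access to the token itself.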