Closed simu closed 2 years ago
Context
Kubernetes 1.24+ doesn't create service account token secrets by default anymore. However, Lieutenant expects those secrets to be present, as the token is used by the registered clusters to authenticate themselves to Lieutenant (and Vault).
We should ensure Lieutenant creates a secret as documented in https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#manually-create-a-service-account-api-token, whenever it creates a service account.
Alternatives
Rework the cluster authentication completely.
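The manually created token Secret that the Context section refers to, as an added example that is not part of the original issue or of Lieutenant's code. The namespace and the service account and Secret names are constructed placeholders.

```yaml
# Constructed example: names and namespace are placeholders, not Lieutenant's.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: example-cluster
  namespace: lieutenant
---
apiVersion: v1
kind: Secret
metadata:
  name: example-cluster-token
  namespace: lieutenant
  annotations:
    # Binds this Secret to the ServiceAccount above; both must live in the
    # same namespace, and the ServiceAccount must already exist.
    kubernetes.io/service-account.name: example-cluster
# With this type, the token controller populates data.token, data.ca.crt
# and data.namespace after the Secret is created.
type: kubernetes.io/service-account-token
```

A token issued this way is long-lived and does not expire on its own; the token controller removes the Secret when the referenced ServiceAccount is deleted.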