问题
I'm using a vanilla minikube environment.
I'm not specifying any service account-related instructions in my bare-bones simple Pod .yaml file.
Inside a deployed Pod, /var/run/secrets/kubernetes.io/serviceaccount/token is empty. What are the possible causes for this?
回答1:
As mentioned in the docs
In version 1.6+, you can opt out of automounting API credentials for a service account by setting automountServiceAccountToken: false on the service account:
apiVersion: v1
kind: ServiceAccount
metadata:
name: build-robot
automountServiceAccountToken: false
In version 1.6+, you can also opt out of automounting API credentials for a particular pod:
apiVersion: v1
kind: Pod
metadata:
name: my-pod
spec:
serviceAccountName: build-robot
automountServiceAccountToken: false
So double check your pod file and check your ServiceAccount configuration with
kubectl describe serviceaccount build-robot to see if you are disabling the automount.
来源:https://stackoverflow.com/questions/47721646/why-would-var-run-secrets-kubernetes-io-serviceaccount-token-be-an-empty-file-i