【k8s】automountServiceAccountToken

环境

kubernetes 1.20.6
Spring Boot 2.5.0-RC1

目标

automountServiceAccountToken 表示是否将服务账号默认挂载到 Pod 中，默认是 true。

pod.yaml

apiVersion: v1
kind: Pod
metadata:
  name: spring-k8s
spec:
  containers:
    - name: spring-k8s
      image: jiangbo920827/spring-k8s:liveness
      ports:
        - containerPort: 8080

查看

[root@master ~]# kubectl describe pod spring-k8s
Name:         spring-k8s
Namespace:    default
Priority:     0
...
Volumes:
  default-token-slbq5:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  default-token-slbq5
    Optional:    false
QoS Class:       BestEffort
...

[root@master ~]# kubectl exec spring-k8s -- ls -l /var/run/secrets/kubernetes.io/serviceaccount
total 0
lrwxrwxrwx    1 root     root            13 May 30 15:24 ca.crt -> ..data/ca.crt
lrwxrwxrwx    1 root     root            16 May 30 15:24 namespace -> ..data/namespace
lrwxrwxrwx    1 root     root            12 May 30 15:24 token -> ..data/token

automountServiceAccountToken

apiVersion: v1
kind: Pod
metadata:
  name: spring-k8s
spec:
  automountServiceAccountToken: false
  containers:
    - name: spring-k8s
      image: jiangbo920827/spring-k8s:liveness
      ports:
        - containerPort: 8080

服务账号并不会自动挂载到 Pod 中。

总结

将默认挂载到 Pod 中的服务账号移除。

【k8s】automountServiceAccountToken

环境

目标

pod.yaml

查看

automountServiceAccountToken

总结

附录