Welcome to the Linux Foundation Forum!

Lab 6.6.13

I created the service account, but there is no token auto-created for it.
Name: security-account
Namespace: default
Image pull secrets:
Mountable secrets:

I have done some research, and it seems that I need to modify the kube-apiserver.yaml and add the following spec:
- command:
- kube-apiserver
- --feature-gates=LegacyServiceAccountToken=true

I am a little confused, what is the purpose of task 13. Are we supposed to create a token manually and assign it to the service accout?
Please let me know.


  • chrispokorni
    chrispokorni Posts: 1,842

    Hi @yiwen.89,

    That is correct, the service account token needs to be created manually when desired:

    kubectl create token SERVICE_ACCOUNT_NAME [options]


  • ccorrads
    ccorrads Posts: 1
    edited May 24

    Ah! I ran into the same problem, breaking change in v1.24 - I would presume updating the content at 6.6.10 to instruct the learner "...creation of the service account and token" is vague enough without giving the answer away, but also does not cause confusion as it does today.

    Also, in the learning lab section 6.3.1 - this should be updated as well. I am running a lab environment on Ubuntu 20.04 locally on kubernetes v1.26.1 and the output of

    kubectl get secrets --all-namespaces

    only lists secrets which I have made in previous labs, no service account secrets.


Upcoming Training