Posted on: 12/06/2019

Once you create a service account, Kubernetes will automatically create a related secret that will contain the bearer token.

example.yaml:

apiVersion: v1
kind: ServiceAccount
metadata:
  name: cloud-function-job-create
  namespace: kube-system

kubectl create -f example.yaml and then:

You’ll need jq installed for the next step.

kubectl -n kube-system get secret $(kubectl -n kube-system get secret | grep cloud-function-job-create | awk '{print $1}') -o json | jq -r '.data.token' | base64 -d

Don’t forget you also need to give the service account some permissions. This can be done with a ClusterRoleBinding for example:

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: cloud-function-job-create
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: cloud-function-job-create
  namespace: kube-system