k8s mount service account token

Question

How can I mount service account token, we are using a chart which doesn't support it and after a hour the chart is failing.

https://kubernetes.io/docs/reference/access-authn-authz/service-accounts-admin/#bound-service-account-token-volume ?

I understand that from 1.22.x its by default behavior of k8s

its BoundServiceAccountTokenVolume in the following link https://kubernetes.io/docs/reference/command-line-tools-reference/feature-gates/

Im referring to manually mounting the service account token.

Im talking about vectordev which doesnt support the https://vector.dev/docs/setup/installation/platforms/kubernetes/

update according to this post this is the way to do it on k8s 1.22.x please provide an example since im not sure how to make it work https://github.com/vectordotdev/vector/issues/8616#issuecomment-1010281331

Answer 1

There's no issue for Vector agent to access the token, but the token will now expire within an hour by default; compare to previous where it has no expiry. When the token has past the validity time, the agent application needs to reload the token from the mounted token volume (previously was a secret volume). The change is needed in the agent application to support this paradigm, not on K8s.