Summary of Reddit Comments on "iwan933"

• Kubernetes 1.24 Update:

  • Starting from Kubernetes 1.24, secrets are not automatically generated anymore to push users towards using the new short-lived TokenRequest APIs.
  • If a long-lived token is needed, a secret can be created manually in Kubernetes.

• Creating a Service Account with a Role:

  • To create a Service Account with a Role, the following commands can be used:
    • kubectl create serviceaccount api-user;
    • kubectl create cluster[Role](https://www.amazon.com/Role-Model-Game-Changers-Book-ebook/dp/B08SBK816H/ref=sr_1_1?dib=eyJ2IjoiMSJ9.DjIXhr6BDJMeetTBpx88HdoaYXT2dSmvR9zRzpWWAs-XlxlbXrTf2nBP7dF-_WicVMkMwqJOdmWhpymfdUa4NismYP9LIJ-Pmmd-SL6tJb5gjLad8Uei_3i0EIloQfzaptmudNNiyK04YcAxMfGbmkV_NH-4RxL4H0DmniOFMagI8jf2MNxAPFcwJIdcClBYdM3DVIqndG0gwnGVjI2_8QrS2bqbrpREDFPZkCZvwbw.hd35O3HIPruRmCvNs0xw2rnWxK5W0chlmhtLVmfwCaw&dib_tag=se&keywords=Role&qid=1777642024&sr=8-1&tag=redditrevie08-20)binding api-user-binding --cluster[Role](https://www.amazon.com/Role-Model-Game-Changers-Book-ebook/dp/B08SBK816H/ref=sr_1_1?dib=eyJ2IjoiMSJ9.DjIXhr6BDJMeetTBpx88HdoaYXT2dSmvR9zRzpWWAs-XlxlbXrTf2nBP7dF-_WicVMkMwqJOdmWhpymfdUa4NismYP9LIJ-Pmmd-SL6tJb5gjLad8Uei_3i0EIloQfzaptmudNNiyK04YcAxMfGbmkV_NH-4RxL4H0DmniOFMagI8jf2MNxAPFcwJIdcClBYdM3DVIqndG0gwnGVjI2_8QrS2bqbrpREDFPZkCZvwbw.hd35O3HIPruRmCvNs0xw2rnWxK5W0chlmhtLVmfwCaw&dib_tag=se&keywords=Role&qid=1777642024&sr=8-1&tag=redditrevie08-20)=cluster-admin --serviceaccount=default:api-user;

Pros and Cons

Kubernetes 1.24 Update:

• Pros:

  • Encourages the adoption of new TokenRequest APIs.
  • Provides more control over Secret management.

• Cons:

  • Users may need to adjust their workflows and scripts to account for this change.

Creating a Service Account with a Role:

• Pros:

  • Allows for granular control over cluster permissions.

• Cons:

  • Requires the manual creation of Service Accounts and Role bindings, which can be more time-consuming.