Unresolved Secret reference in ServiceAccount

Secrets are used to hold authentication tokens so ServiceAccounts can access Kubernetes API Server. This validator detects a condition when a Secret used in ServiceAccounts is not found.

Affected Resources: ServiceAccount

Example

apiVersion: v1
kind: ServiceAccount
metadata:
  creationTimestamp: 2015-06-16T00:12:59Z
  name: build-robot
  namespace: default
  resourceVersion: "272500"
  uid: 721ab723-13bc-11e5-aec2-42010af0021e
secrets:
- name: build-robot-token-bvbk5              # Secret not found

Resolution

Check if the Secret is present.

Check if the Secret is present in the same namespace.

Check if the Secret is present in a different namespace. Kubevious Search can be a very handy tool to find Secrets across namespaces. You cannot mount a Secret from a different namespaces. In that case you would need to create a Secret in namespace where the ServiceAccount resides.

Did you make a typo in the ServiceAccount? Kubevious Search uses fuzzy logic to return results and can help with finding the correct Secret.

Learn More

https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/

Unresolved Role reference in RoleBinding

Unresolved ServiceAccount reference in Binding

Need other validation rules?

Please let us know if there are other built-in validation rules you would like to see in Kubevious to detect misconfigurations and violations to best practices. Optionally, you can provide your details so we can reach out to you with follow-up questions.

Share this article on: