Skip to content

The admission control plugin ServiceAccount is not set

Description

Automate service accounts management. When you create a pod, if you do not specify a service account, it is automatically assigned the default service account in the same namespace. You should create your own service account and let the API server manage its security tokens.

Fix - Buildtime

Kubernetes

  • Kind: Pod
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    component: kube-apiserver
    tier: control-plane
  name: kube-apiserver
  namespace: kube-system
spec:
  containers:
  - command:
+   - kube-apiserver
+   - --enable-admission-plugins=ServiceAccount
    image: gcr.io/google_containers/kube-apiserver-amd64:v1.6.0
    ...