invalid "bound_service_account_namespace_selector" configured #31560

@yushiqie

Vault v1.20.1 (b403b1a), built 2025-07-24T13:33:51Z

I follow these steps:

  1. vault login $ROOT_TOKEN

  2. vault auth enable kubernetes

  3. vault secrets enable -path=secret kv

  4. vault policy write test-policy - <<EOF
    path "secret/data/test/*" {
    capabilities = ["create", "read", "update", "delete", "list"]
    }
    EOF

  5. vault write auth/kubernetes/config \
    kubernetes_host="https://${KUBERNETES_SERVICE_HOST}:${KUBERNETES_SERVICE_PORT}" \
    kubernetes_ca_cert=@/var/run/secrets/kubernetes.io/serviceaccount/ca.crt

  6. vault write auth/kubernetes/role/test \
    bound_service_account_names=default \
    bound_service_account_namespace_selector='kubernetes.io/metadata.name=test' \
    policies=test-policy \
    ttl=24h
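
Added example, not part of the original report and not Vault project code: Vault's Kubernetes auth documentation describes `bound_service_account_namespace_selector` as a JSON or YAML LabelSelector object, whereas step 6 passes a `key=value` string. The sketch below converts the `key=value` form into a `matchLabels` object and re-issues step 6 with it; `label_selector_json` and `write_test_role` are hypothetical helper names.

```shell
#!/bin/sh
# Convert "key=value[,key=value...]" into a LabelSelector JSON object.
# Hypothetical helper for illustration; runs in a subshell so the IFS and
# globbing changes do not leak into the caller.
label_selector_json() (
    [ -n "$1" ] || { echo "empty selector" >&2; exit 1; }
    body=''
    IFS=,
    set -f    # no globbing while splitting on commas
    for pair in $1; do
        case $pair in
            *=*) key=${pair%%=*}; value=${pair#*=} ;;
            *)   echo "not key=value: $pair" >&2; exit 1 ;;
        esac
        [ -n "$key" ] || { echo "empty key in: $pair" >&2; exit 1; }
        # Accept only label-safe characters, so no JSON escaping is needed.
        case $key in
            *[!A-Za-z0-9._/-]*) echo "bad key: $key" >&2; exit 1 ;;
        esac
        case $value in
            *[!A-Za-z0-9._-]*) echo "bad value: $value" >&2; exit 1 ;;
        esac
        body="${body}${body:+,}\"$key\":\"$value\""
    done
    printf '{"matchLabels":{%s}}\n' "$body"
)

# Step 6 again, with the selector passed as a JSON object.
# Needs a logged-in vault CLI; defined here but not called.
write_test_role() {
    selector=$(label_selector_json "$1") || return 1
    vault write auth/kubernetes/role/test \
        bound_service_account_names=default \
        bound_service_account_namespace_selector="$selector" \
        policies=test-policy \
        ttl=24h
}
```

Calling `write_test_role 'kubernetes.io/metadata.name=test'` sends `{"matchLabels":{"kubernetes.io/metadata.name":"test"}}` as the selector value.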
