-
Bug
-
Resolution: Unresolved
-
Normal
-
4.15.z, 4.16.z
-
Moderate
-
None
-
False
-
Description of problem:
According to the OpenShift documentation about ServiceAccounts (https://docs.openshift.com/container-platform/4.15/authentication/understanding-and-creating-service-accounts.html) API token secrets are created with all new ServiceAccounts. API tokens are not being created automatically on my 4.15.23 and 4.16.3 OCP clusters.
Version-Release number of selected component (if applicable):
OCP on Z version 4.15.23, 4.16.3
How reproducible:
Happening on multiple newly installed clusters
Steps to Reproduce:
1. Install OCP cluster
2. oc describe sa default -n default and check if there is an associated token secret with the serviceaccount
3. oc create sa robot -n default
4. oc describe sa robot -n default and check if there is an associated token secret with the serviceaccount
Actual results:
Token secret is not present
Expected results:
Token secret is present
Additional info:
Found this RH solution (https://access.redhat.com/solutions/7032599) that says since 4.10 will need to create tokens manually but the OCP docs state that all ServiceAccounts should have an API token so it would be good to reconcile the difference between the docs and the solution whether they are automatically created or not.
