Hi
Im in the process of migrating our existing old version of Octopus Deploy to the latest on-premise version (v2023.2 Build 13175).
We use Kubernetes Cluster Deployment Targets.
When following your documentation from:
you advise to configure Kubernetes target with a service account and use the account secret as a Token.
This contradicts the official documentation from Service Accounts | Kubernetes which since v1.22 does not provide the Token as long-lived, meaning it will expire shortly after, and the Deployment Target will not authenticate.
From v1.24 they seems to not even create a secret due to security concerns.
Do you have an official other way to deploy to Kubernetes, perhaps using their TokenRequestAPI which kubernetes.io recommend?
For cloud hosted Clusters we’ve added support for short lived tokens via the relevant tooling (aws-cli/kubelogin etc) however it looks like on-prem clusters haven’t been adjusted just yet.
I did notice that K8’s suggests using certificates as an alternative option, however I’ll check in with the devs about our plans for incorporating the TokenRequest api and will keep you posted with any updates from them:
For example, your external application can authenticate using a well-protected private key and a certificate,
Feel free to reach out with any questions in the meantime at all!