As of Kubernetes v1.24, secrets are no longer automatically created for service accounts.
You must create a secret manually.
You must also make the secret discoverable. You have two options:
Name your secret ${serviceAccountName}.service-account-token:
apiVersion: v1
kind: Secret
metadata:
name: default.service-account-token
annotations:
kubernetes.io/service-account.name: default
type: kubernetes.io/service-account-tokenThis option is simpler than option 2, as you can create the secret and make it discoverable by name at the same time.
Annotate the service account with the secret name:
apiVersion: v1
kind: ServiceAccount
metadata:
name: default
annotations:
workflows.argoproj.io/service-account-token.name: my-tokenThis option is useful when the secret already exists, or the service account has a very long name.