Welcome to the Linux Foundation Forum!

6.6 Lab Review

diveshpanwar Posts: 1
edited March 2021 in LFD259 Class Forum

Hi All

This might be very stupid question but kindly explain:

In the review file point 13 states
" Locate the token of the securityaccount. Create a file called /tmp/securitytoken. Put only the value of token: isequal to, a long string that may start with eyJh and be several lines long. Careful that only that string exists in the file."

Its kind of ambiguous:
so what should be the o/p in the file (suppose xyz.... is the token):

**token: xyz........




  • chrispokorni
    chrispokorni Posts: 2,112

    Hi @diveshpanwar,

    Provided that the token is stored in a key/value pair format, then "only the value of the token" followed by the description of the value string describes the "xyz..." string, and not the "token:" string. Therefore the file should include only the value string of the token, not the "token:" key.


  • I'm a little bit shocked by this point, of the domain review.
    I can understand that the first part is to test the ability to find this token, but I don't understand why is required to write this token to a temp file, and after that, without an intermediate step, step 14 asks to remove any created resource on the domain review.

    What is the purpose of this temp file?


  • chrispokorni
    chrispokorni Posts: 2,112

    Hi @Oscmedgon,

    The domain reviews are meant to test learners' abilities to run specific tasks independently, without much "help", similar to a real world administration scenario. Knowing how to extract specific details and/or information from an API object is a valuable skill, and this particular scenario tests the ability to extract the value of a predefined token.

    Also, it is common practice to delete/remove resources and artifacts created during an exercise, in order to free up resources - cpu, memory, and disk space.


  • Hi @chrispokorni,
    Actually I would really like to see the solution for all the domain reviews, as this would help a trainee to see if they are doing stuff right.A good example is this last task. so even if you fulfilled all task and have created a clusterRole + binding + serviceAccount , you just don't know if the permissions have been correct... That's very disappointing to me....

  • chrispokorni
    chrispokorni Posts: 2,112

    Hi @leon.kupper,

    Solutions have not been compiled for the domain review questions, however, a few methods of solving this specific question can be found in the forums.


  • ht0522
    ht0522 Posts: 1

    How to create serviceaccount with secret token

  • I agree that task ends a bit unmotivated. There is nothing to do with the token. There is little point in learning how to create the token if you don't know how to use it and what it is for. I think follow up tasks are missing like:

    • create a pod that you can exec into with curl inside
    • mount that tmp file as a volume to that pod
    • from within that pod, use the token to access list the rest api that lists the pods of the cluster via curl
    • repeat, but instead of mounting the tmp file, bind the pod to the service account, find the token inside the pod and list the pods using curl again.

    or something like that.


Upcoming Training