Welcome to the Linux Foundation Forum!

Lab 6.1. Why tokens from kubectl and busybox are different?

In Lab 6.1 is described the example of working with API and is said "We will deploy a simple Pod and view the resources. If you view the token file you will find it is the same value we put into the $token variable".

I followed instructions and got:

  1. List of secrets
  1. [13:03]user@ubuntu-vbox-k8s-master[~]$ kubectl get secrets --all-namespaces | grep default-tok
  2. default default-token-thgxz kubernetes.io/service-account-token 3 23d
  3. kube-node-lease default-token-64g6n kubernetes.io/service-account-token 3 23d
  4. kube-public default-token-f2b9g kubernetes.io/service-account-token 3 23d
  5. kube-system default-token-bzbps kubernetes.io/service-account-token 3 23d
  6. low-usage-limit default-token-vvf59 kubernetes.io/service-account-token 3 30m
  1. Got one secret (it is suggested to save token from here to $token variable)
  1. [13:03]user@ubuntu-vbox-k8s-master[~]$ kubectl describe secret default-token-thgxz
  2. Name: default-token-thgxz
  3. Namespace: default
  4. Labels: <none>
  5. Annotations: kubernetes.io/service-account.name: default
  6. kubernetes.io/service-account.uid: c155aaa0-0d80-4640-8d56-5fd4c2645380
  7.  
  8. Type: kubernetes.io/service-account-token
  9.  
  10. Data
  11. ====
  12. ca.crt: 1066 bytes
  13. namespace: 7 bytes
  14. token: eyJhbGciOiJSUzI1NiIsImtpZCI6IkVWeGc5ajFJQ0pyWF9MYWJRRldyV0tCQ0lhMFk3T3JJdWtZZmxRY25mRzAifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6ImRlZmF1bHQtdG9rZW4tdGhneHoiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGVmYXVsdCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6ImMxNTVhYWEwLTBkODAtNDY0MC04ZDU2LTVmZDRjMjY0NTM4MCIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDpkZWZhdWx0OmRlZmF1bHQifQ.dw2iQIx3vpw5y-Sqd2hZaFukM9qs1z5_6RCyBdj87SxBWBtjx5eFTSlkWhZrgmsyN0fDhuioqp0C31MSTVxFdhUjNe75jMWKBNeFCI1mZ06C67w9JQPhwS6eOtr009XcCUZj0NFpX2Ttiw90Z-OMrRm49qQVMLp9j4Zwq6Pk-e33GqC9c_I77Pr0YQymQI66dRVTRVOjZbA5Imsd6Etw8kEJ284yklPKu645jT2vFKctRXy6VNnh7RVvP5JhmVKv9U4iatjG9JDhy8z7W9caDDJXgqChIItwdZubWuPUQtdX3ez-q2yOT4_sEvT_virbjEfalr18GfZc9tnq5bjAKg
  1. Created busybox and checked token.
  1. [13:05]user@ubuntu-vbox-k8s-master[~]$ kubectl run -i -t busybox --image=busybox --restart=Never
  2. If you don't see a command prompt, try pressing enter.
  3. / # cat /var/run/secrets/kubernetes.io/serviceaccount/token
  4. eyJhbGciOiJSUzI1NiIsImtpZCI6IkVWeGc5ajFJQ0pyWF9MYWJRRldyV0tCQ0lhMFk3T3JJdWtZZmxRY25mRzAifQ.eyJhdWQiOlsiaHR0cHM6Ly9rdWJlcm5ldGVzLmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWwiXSwiZXhwIjoxNjY2MTg0NzI2LCJpYXQiOjE2MzQ2NDg3MjYsImlzcyI6Imh0dHBzOi8va3ViZXJuZXRlcy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsIiwia3ViZXJuZXRlcy5pbyI6eyJuYW1lc3BhY2UiOiJkZWZhdWx0IiwicG9kIjp7Im5hbWUiOiJidXN5Ym94IiwidWlkIjoiM2Y3YmY0ZmYtOWUyZC00ZDQwLWE2OTEtOTY1MmE3MjA5NjYyIn0sInNlcnZpY2VhY2NvdW50Ijp7Im5hbWUiOiJkZWZhdWx0IiwidWlkIjoiYzE1NWFhYTAtMGQ4MC00NjQwLThkNTYtNWZkNGMyNjQ1MzgwIn0sIndhcm5hZnRlciI6MTYzNDY1MjMzM30sIm5iZiI6MTYzNDY0ODcyNiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50OmRlZmF1bHQ6ZGVmYXVsdCJ9.d_myniWT-JPmMHHkY6U5q8Q8g-Zwd7-1UtYbhfLuPLjFCI0EP9Izg5hCzciH5gQPlm3nLOyFMIopTy_whyI7Aj3dd4X0EedMAb8S8v_3GztC1E2kNMo9w_-e6GuW27HQVv1tq4bxg419DHxjSA7wM7USXfGioMCRjF-E1swcpUHsx0J2jkzrymXAzgyuYvFfD9pk17DOKfnOJlDWPa0Q8B2k33SJ5HILPId11z-CQ0q3yhePpHLtGD9r0AYZ5HpiCplhvhMoZeq3mnCHZKnFZOi_Vi1o08FpiksSYgdL3xlbBD9IVWhxJR8P_BekGmBjaHZWZWdixcHNCSuv5mRxtA/ #

If you check tokens from point 2 and 3 - they are not the same as stated in lab.

What is wrong?

Answers

  • Posts: 27

    UPDATE - the beginning (before ".") in tokens are same, but remaining parts are different

Welcome!

It looks like you're new here. Sign in or register to get started.
Sign In

Welcome!

It looks like you're new here. Sign in or register to get started.
Sign In

Categories

Upcoming Training