Welcome to the Linux Foundation Forum!

Lab 6.1. Why tokens from kubectl and busybox are different?

Gim6626
Gim6626 Posts: 27
in LFS258 Class Forum

In Lab 6.1 is described the example of working with API and is said "We will deploy a simple Pod and view the resources. If you view the token file you will find it is the same value we put into the $token variable".

I followed instructions and got:

  1. List of secrets
[13:03][email protected][~]$ kubectl get secrets --all-namespaces | grep default-tok
default           default-token-thgxz                              kubernetes.io/service-account-token   3      23d
kube-node-lease   default-token-64g6n                              kubernetes.io/service-account-token   3      23d
kube-public       default-token-f2b9g                              kubernetes.io/service-account-token   3      23d
kube-system       default-token-bzbps                              kubernetes.io/service-account-token   3      23d
low-usage-limit   default-token-vvf59                              kubernetes.io/service-account-token   3      30m
  1. Got one secret (it is suggested to save token from here to $token variable)
[13:03][email protected][~]$ kubectl describe secret default-token-thgxz 
Name:         default-token-thgxz
Namespace:    default
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: default
              kubernetes.io/service-account.uid: c155aaa0-0d80-4640-8d56-5fd4c2645380

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1066 bytes
namespace:  7 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IkVWeGc5ajFJQ0pyWF9MYWJRRldyV0tCQ0lhMFk3T3JJdWtZZmxRY25mRzAifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6ImRlZmF1bHQtdG9rZW4tdGhneHoiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGVmYXVsdCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6ImMxNTVhYWEwLTBkODAtNDY0MC04ZDU2LTVmZDRjMjY0NTM4MCIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDpkZWZhdWx0OmRlZmF1bHQifQ.dw2iQIx3vpw5y-Sqd2hZaFukM9qs1z5_6RCyBdj87SxBWBtjx5eFTSlkWhZrgmsyN0fDhuioqp0C31MSTVxFdhUjNe75jMWKBNeFCI1mZ06C67w9JQPhwS6eOtr009XcCUZj0NFpX2Ttiw90Z-OMrRm49qQVMLp9j4Zwq6Pk-e33GqC9c_I77Pr0YQymQI66dRVTRVOjZbA5Imsd6Etw8kEJ284yklPKu645jT2vFKctRXy6VNnh7RVvP5JhmVKv9U4iatjG9JDhy8z7W9caDDJXgqChIItwdZubWuPUQtdX3ez-q2yOT4_sEvT_virbjEfalr18GfZc9tnq5bjAKg
  1. Created busybox and checked token.
[13:05][email protected][~]$ kubectl run -i -t busybox --image=busybox --restart=Never
If you don't see a command prompt, try pressing enter.
/ # cat /var/run/secrets/kubernetes.io/serviceaccount/token
eyJhbGciOiJSUzI1NiIsImtpZCI6IkVWeGc5ajFJQ0pyWF9MYWJRRldyV0tCQ0lhMFk3T3JJdWtZZmxRY25mRzAifQ.eyJhdWQiOlsiaHR0cHM6Ly9rdWJlcm5ldGVzLmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWwiXSwiZXhwIjoxNjY2MTg0NzI2LCJpYXQiOjE2MzQ2NDg3MjYsImlzcyI6Imh0dHBzOi8va3ViZXJuZXRlcy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsIiwia3ViZXJuZXRlcy5pbyI6eyJuYW1lc3BhY2UiOiJkZWZhdWx0IiwicG9kIjp7Im5hbWUiOiJidXN5Ym94IiwidWlkIjoiM2Y3YmY0ZmYtOWUyZC00ZDQwLWE2OTEtOTY1MmE3MjA5NjYyIn0sInNlcnZpY2VhY2NvdW50Ijp7Im5hbWUiOiJkZWZhdWx0IiwidWlkIjoiYzE1NWFhYTAtMGQ4MC00NjQwLThkNTYtNWZkNGMyNjQ1MzgwIn0sIndhcm5hZnRlciI6MTYzNDY1MjMzM30sIm5iZiI6MTYzNDY0ODcyNiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50OmRlZmF1bHQ6ZGVmYXVsdCJ9.d_myniWT-JPmMHHkY6U5q8Q8g-Zwd7-1UtYbhfLuPLjFCI0EP9Izg5hCzciH5gQPlm3nLOyFMIopTy_whyI7Aj3dd4X0EedMAb8S8v_3GztC1E2kNMo9w_-e6GuW27HQVv1tq4bxg419DHxjSA7wM7USXfGioMCRjF-E1swcpUHsx0J2jkzrymXAzgyuYvFfD9pk17DOKfnOJlDWPa0Q8B2k33SJ5HILPId11z-CQ0q3yhePpHLtGD9r0AYZ5HpiCplhvhMoZeq3mnCHZKnFZOi_Vi1o08FpiksSYgdL3xlbBD9IVWhxJR8P_BekGmBjaHZWZWdixcHNCSuv5mRxtA/ #

If you check tokens from point 2 and 3 - they are not the same as stated in lab.

What is wrong?

Answers

  • Gim6626
    Gim6626 Posts: 27

    UPDATE - the beginning (before ".") in tokens are same, but remaining parts are different

Categories

Upcoming Training