Lab 6.1 Step 2: No Resources Found

mabricker

After typing the command under step 2: kubectl get secrets --all-namespaces, I have "No resources found" returned. Is there some underlying detail I missed along the way?

FYI, /var/run/secrets does not exist

chrispokorni

Hi @mabricker,

In latest releases, Kubernetes no longer creates token secrets automatically. It becomes the user's responsibility to create them as desired. The following commands should work instead:

export token=$(kubectl create token default)

curl https://k8scp:6443/apis --header "Authorization: Bearer $token" -k

Regards,
-Chris

Napsty

Had the same question as @mabricker . Thanks @chrispokorni for explaining why the default tokens are not created (anymore). The Course material should be updated accordingly.

jimpoe

I also ran into the same issue. Glad to see it answered here. Thanks @chrispokorni

dont827273

Should the above commands create resources that should be viewable using the kubectl get secrets command? Because it does not create any secrets according to my installation.

chrispokorni

Hi @dont827273,

The kubectl create token ... command above creates a token, not a secret.

You can read more at https://kubernetes.io/docs/concepts/configuration/secret/

Regards,
-Chris

kmai007

its 2/28/2023 and I've ran into this exact issue with this lab material. SO basically your suggestion is to create it and disregard steps 1-3.

dicalleson

Same issue here. @chrispokorni Do we create secrets or just skip these steps?

fazlur.khan

Hello @kmai007

In the updated lab (2/28/2023) we have added the step 6.2 which generates the token

export token=$(kubectl create token default)

Please verify.

thanks,
Fazlur

dicalleson

Summary of issue and proposed answer and correction to lab document:
The Problem:
For Lab 6.1 - Step 1 -3
With k8s Version 1.25.1 you will get the following
$ kubectl get secrets --all-namespaces
No resources found
$ kubectl get secrets
No resources found in default namespace.

Solution: Skip steps 1-4 and instead run
$ export token=$(kubectl create token default)
Then as in step 5 run:
$ curl https://k8scp:6443/apis --header "Authorization: Bearer $token" -k

fazlur.khan

@dicalleson

We have fixed this in the V1.26.1 version of Lab. Thank you.

regards,
Fazlur

nicocerquera

Is that version active? at the moment I do not see step 6.2

chrispokorni

Hi @nicocerquera,

Yes it is. It has been active since its release 3/1/2023.

Please clear your browser cache, log back into the course, and navigate to Lab 6.1 under the Lessons menu, or simply download the entire lab guide PDF from the Resources menu.

Regards,
-Chris

maybel

How are you @chrispokorni? I did precisely the instructions you gave ( export token=$(kubectl create token default)
and curl https://k8scp:6443/apis --header "Authorization: Bearer $token" -k),
although the answer is not a resource found when I try to get secrets.

chrispokorni

I am good @maybel, thank you for asking. How are things with you?
The token creation command does not generate a secret. That is the reason why no secret is found, which is the expected behavior.
However, was the curl successful once the token was supplied?

Regards,
-Chris

maybel

Hi @chrispokorni , As the British like to say: not too bad. Thanks for the curl question because it clarified the exact sentence creating the secret. Unfortunately, it didn't work.

student@cp:~$ kubectl get namespaces
NAME              STATUS   AGE
accounting        Active   113d
default           Active   125d
kube-node-lease   Active   125d
kube-public       Active   125d
kube-system       Active   125d
linkerd           Active   82d
linkerd-viz       Active   82d
low-usage-limit   Active   119d
small             Active   117d
student@cp:~$ kubectl -n default get secrets
NAME                                   TYPE                                  DATA   AGE
dashboard-kubernetes-dashboard-certs   Opaque                                0      41d
dashboard-kubernetes-dashboard-token   kubernetes.io/service-account-token   3      5d17h
kubernetes-dashboard-csrf              Opaque                                1      41d
kubernetes-dashboard-key-holder        Opaque                                2      41d
myingress-ingress-nginx-admission      Opaque                                3      105d
sh.helm.release.v1.dashboard.v1        helm.sh/release.v1                    1      41d
sh.helm.release.v1.myingress.v1        helm.sh/release.v1                    1      103d
student@cp:~$ kubectl -n default get serviceaccounts
NAME                             SECRETS   AGE
dashboard-kubernetes-dashboard   0         41d
default                          0         125d
myingress-ingress-nginx          0         103d
student@cp:~$ export token=$(kubectl create token default)
student@cp:~$ export token=$(kubectl create token default -n default)
student@cp:~$ curl https://k8scp:6443/apis --header "Authorization: Bearer $token" -k
{
  "kind": "APIGroupList",
  "apiVersion": "v1",
  "groups": [
    {
      "name": "apiregistration.k8s.io",
      "versions": [
        {
          "groupV
...
...
 ],
      "preferredVersion": {
        "groupVersion": "metrics.k8s.io/v1beta1",
        "version": "v1beta1"
      }
    }
  ]
}student@cp:~$kubectl -n default get secrets
NAME                                   TYPE                                  DATA   AGE
dashboard-kubernetes-dashboard-certs   Opaque                                0      41d
dashboard-kubernetes-dashboard-token   kubernetes.io/service-account-token   3      5d17h
kubernetes-dashboard-csrf              Opaque                                1      41d
kubernetes-dashboard-key-holder        Opaque                                2      41d
myingress-ingress-nginx-admission      Opaque                                3      105d
sh.helm.release.v1.dashboard.v1        helm.sh/release.v1                    1      41d
sh.helm.release.v1.myingress.v1        helm.sh/release.v1                    1      103d
student@cp:~$ kubectl -n default get serviceaccounts
NAME                             SECRETS   AGE
dashboard-kubernetes-dashboard   0         41d
default                          0         125d
myingress-ingress-nginx          0         103d

As you can see, I have a namespace called default. The namespace called default has a service account called default as well.
From help I got this:

```

Request a token for a service account in a custom namespace

kubectl create token myapp --namespace myns
```

Because of the command help, I created a token called default in the namespace default, and there is no secret with that name in my namespace default.
By the way, I'm doing lab 15, and I don't catch how to create secrets .

I appreciate any help you can provide. You always find the patience to help me.

maybel

sorry for the giant letters

chrispokorni

Hi @maybel,

Based on the output shown at step 3 of lab exercise 6.1, your curl command seems to be successful, as it produced the expected output. Meaning that the token was also created successfully.

If needed, a secret object can be created by the user to store the token:
https://kubernetes.io/docs/concepts/configuration/secret/#service-account-token-secrets

Regards,
-Chris