Welcome to the Linux Foundation Forum!

Lab 6.1 Step 2: No Resources Found

mabricker
mabricker Posts: 6
edited October 2022 in LFS258 Class Forum

After typing the command under step 2: kubectl get secrets --all-namespaces, I have "No resources found" returned. Is there some underlying detail I missed along the way?

FYI, /var/run/secrets does not exist

Best Answer

  • chrispokorni
    chrispokorni Posts: 2,017
    Answer ✓

    Hi @mabricker,

    In latest releases, Kubernetes no longer creates token secrets automatically. It becomes the user's responsibility to create them as desired. The following commands should work instead:

    export token=$(kubectl create token default)

    curl https://k8scp:6443/apis --header "Authorization: Bearer $token" -k

    Regards,
    -Chris

Answers

  • Napsty
    Napsty Posts: 10

    Had the same question as @mabricker . Thanks @chrispokorni for explaining why the default tokens are not created (anymore). :) The Course material should be updated accordingly.

  • I also ran into the same issue. Glad to see it answered here. Thanks @chrispokorni

  • Should the above commands create resources that should be viewable using the kubectl get secrets command? Because it does not create any secrets according to my installation.

  • Hi @dont827273,

    The kubectl create token ... command above creates a token, not a secret.

    You can read more at https://kubernetes.io/docs/concepts/configuration/secret/

    Regards,
    -Chris

  • kmai007
    kmai007 Posts: 4
    edited February 28

    its 2/28/2023 and I've ran into this exact issue with this lab material. SO basically your suggestion is to create it and disregard steps 1-3.

  • dicalleson
    dicalleson Posts: 17

    Same issue here. @chrispokorni Do we create secrets or just skip these steps?

  • fazlur.khan
    fazlur.khan Posts: 31

    Hello @kmai007

    In the updated lab (2/28/2023) we have added the step 6.2 which generates the token

    export token=$(kubectl create token default)

    Please verify.

    thanks,
    Fazlur

  • dicalleson
    dicalleson Posts: 17

    Summary of issue and proposed answer and correction to lab document:
    The Problem:
    For Lab 6.1 - Step 1 -3
    With k8s Version 1.25.1 you will get the following
    $ kubectl get secrets --all-namespaces
    No resources found
    $ kubectl get secrets
    No resources found in default namespace.

    Solution: Skip steps 1-4 and instead run
    $ export token=$(kubectl create token default)
    Then as in step 5 run:
    $ curl https://k8scp:6443/apis --header "Authorization: Bearer $token" -k

  • fazlur.khan
    fazlur.khan Posts: 31

    @dicalleson

    We have fixed this in the V1.26.1 version of Lab. Thank you.

    regards,
    Fazlur

  • Is that version active? at the moment I do not see step 6.2

  • chrispokorni
    chrispokorni Posts: 2,017

    Hi @nicocerquera,

    Yes it is. It has been active since its release 3/1/2023.

    Please clear your browser cache, log back into the course, and navigate to Lab 6.1 under the Lessons menu, or simply download the entire lab guide PDF from the Resources menu.

    Regards,
    -Chris

  • maybel
    maybel Posts: 45

    How are you @chrispokorni? I did precisely the instructions you gave ( export token=$(kubectl create token default)
    and curl https://k8scp:6443/apis --header "Authorization: Bearer $token" -k),
    although the answer is not a resource found when I try to get secrets.

  • chrispokorni
    chrispokorni Posts: 2,017

    I am good @maybel, thank you for asking. How are things with you?
    The token creation command does not generate a secret. That is the reason why no secret is found, which is the expected behavior.
    However, was the curl successful once the token was supplied?

    Regards,
    -Chris

  • maybel
    maybel Posts: 45

    Hi @chrispokorni , As the British like to say: not too bad. Thanks for the curl question because it clarified the exact sentence creating the secret. Unfortunately, it didn't work.

    student@cp:~$ kubectl get namespaces
    NAME              STATUS   AGE
    accounting        Active   113d
    default           Active   125d
    kube-node-lease   Active   125d
    kube-public       Active   125d
    kube-system       Active   125d
    linkerd           Active   82d
    linkerd-viz       Active   82d
    low-usage-limit   Active   119d
    small             Active   117d
    student@cp:~$ kubectl -n default get secrets
    NAME                                   TYPE                                  DATA   AGE
    dashboard-kubernetes-dashboard-certs   Opaque                                0      41d
    dashboard-kubernetes-dashboard-token   kubernetes.io/service-account-token   3      5d17h
    kubernetes-dashboard-csrf              Opaque                                1      41d
    kubernetes-dashboard-key-holder        Opaque                                2      41d
    myingress-ingress-nginx-admission      Opaque                                3      105d
    sh.helm.release.v1.dashboard.v1        helm.sh/release.v1                    1      41d
    sh.helm.release.v1.myingress.v1        helm.sh/release.v1                    1      103d
    student@cp:~$ kubectl -n default get serviceaccounts
    NAME                             SECRETS   AGE
    dashboard-kubernetes-dashboard   0         41d
    default                          0         125d
    myingress-ingress-nginx          0         103d
    student@cp:~$ export token=$(kubectl create token default)
    student@cp:~$ export token=$(kubectl create token default -n default)
    student@cp:~$ curl https://k8scp:6443/apis --header "Authorization: Bearer $token" -k
    {
      "kind": "APIGroupList",
      "apiVersion": "v1",
      "groups": [
        {
          "name": "apiregistration.k8s.io",
          "versions": [
            {
              "groupV
    ...
    ...
     ],
          "preferredVersion": {
            "groupVersion": "metrics.k8s.io/v1beta1",
            "version": "v1beta1"
          }
        }
      ]
    }student@cp:~$kubectl -n default get secrets
    NAME                                   TYPE                                  DATA   AGE
    dashboard-kubernetes-dashboard-certs   Opaque                                0      41d
    dashboard-kubernetes-dashboard-token   kubernetes.io/service-account-token   3      5d17h
    kubernetes-dashboard-csrf              Opaque                                1      41d
    kubernetes-dashboard-key-holder        Opaque                                2      41d
    myingress-ingress-nginx-admission      Opaque                                3      105d
    sh.helm.release.v1.dashboard.v1        helm.sh/release.v1                    1      41d
    sh.helm.release.v1.myingress.v1        helm.sh/release.v1                    1      103d
    student@cp:~$ kubectl -n default get serviceaccounts
    NAME                             SECRETS   AGE
    dashboard-kubernetes-dashboard   0         41d
    default                          0         125d
    myingress-ingress-nginx          0         103d
    

    As you can see, I have a namespace called default. The namespace called default has a service account called default as well.
    From help I got this:

    ```

    Request a token for a service account in a custom namespace

    kubectl create token myapp --namespace myns
    ```

    Because of the command help, I created a token called default in the namespace default, and there is no secret with that name in my namespace default.
    By the way, I'm doing lab 15, and I don't catch how to create secrets :| .

    I appreciate any help you can provide. You always find the patience to help me.

  • maybel
    maybel Posts: 45

    sorry for the giant letters B)

  • chrispokorni
    chrispokorni Posts: 2,017

    Hi @maybel,

    Based on the output shown at step 3 of lab exercise 6.1, your curl command seems to be successful, as it produced the expected output. Meaning that the token was also created successfully.

    If needed, a secret object can be created by the user to store the token:
    https://kubernetes.io/docs/concepts/configuration/secret/#service-account-token-secrets

    Regards,
    -Chris

Categories

Upcoming Training