Lab 6.6.13
I created the service account, but there is no token auto-created for it.
Name: security-account
Namespace: default
Labels:
Annotations:
Image pull secrets:
Mountable secrets:
Tokens:
Events:
I have done some research, and it seems that I need to modify the kube-apiserver.yaml and add the following spec:
spec:
  containers:
  - command:
    - kube-apiserver
    - --feature-gates=LegacyServiceAccountToken=true
I am a little confused: what is the purpose of task 13? Are we supposed to create a token manually and assign it to the service account?
Please let me know.
Thanks
Comments
-
Hi @yiwen.89,
That is correct, the service account token needs to be created manually when desired:
kubectl create token SERVICE_ACCOUNT_NAME [options]
Regards,
-Chris
0 -
Ah! I ran into the same problem, breaking change in v1.24 - I would presume updating the content at 6.6.10 to instruct the learner "...creation of the service account and token" is vague enough without giving the answer away, but also does not cause confusion as it does today.
Also, in the learning lab section 6.3.1 - this should be updated as well. I am running a lab environment on Ubuntu 20.04 locally on Kubernetes v1.26.1 and the output of
kubectl get secrets --all-namespaces
only lists secrets which I have made in previous labs, no service account secrets.
0 -
Do the tokens actually need to be created by an admin though?
I answered this question (hopefully correctly) by changing my securityreview pod to run with
pod.spec.serviceAccountName: securityaccount
I then inspected the secrets mounted in the pod:
k exec -it securityreview -- cat /var/run/secrets/kubernetes.io/serviceaccount/token > /tmp/securitytoken
It started with the same content as was indicated in the question.
Indeed, if you create it manually with
kubectl create token ...
it is meant to be a time-limited token.
The required reading would be the following page, which describes the change and some of the rationale.
1
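To see the difference the last comment describes between a legacy, non-expiring service account token and a time-limited one, the token's JWT claims can be inspected. The following is an added example, not part of the thread: the function names are hypothetical, the two sample tokens are constructed and unsigned, and their claim layouts are assumed to follow Kubernetes' legacy and bound token formats.

```python
import base64
import json
import time

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def decode_claims(token: str) -> dict:
    """Return the JWT payload WITHOUT verifying the signature (inspection only)."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def describe_token(token: str, now=None) -> dict:
    """Classify a service account token as legacy (no expiry) or bound (time-limited)."""
    now = time.time() if now is None else now
    c = decode_claims(token)
    exp = c.get("exp")
    bound = c.get("kubernetes.io", {})  # nested claim present only in bound tokens
    return {
        "subject": c.get("sub"),
        "kind": "bound" if exp is not None else "legacy",
        "audiences": c.get("aud", []),
        "pod": bound.get("pod", {}).get("name"),
        "lifetime_s": None if exp is None else exp - c.get("iat", exp),
        "expired": exp is not None and now >= exp,
    }

def make_sample(claims: dict) -> str:
    """Build a constructed, unsigned token for the demo (dummy signature)."""
    header = _b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    return f"{header}.{_b64url(json.dumps(claims).encode())}.{_b64url(b'sig')}"

# Constructed samples (all values are made up for illustration).
SUB = "system:serviceaccount:default:security-account"
ISS = "https://kubernetes.default.svc.cluster.local"
LEGACY = make_sample({"iss": "kubernetes/serviceaccount", "sub": SUB,
                      "kubernetes.io/serviceaccount/namespace": "default"})
BOUND = make_sample({"iss": ISS, "sub": SUB, "aud": [ISS],
                     "iat": 1700000000, "nbf": 1700000000, "exp": 1700003600,
                     "kubernetes.io": {"namespace": "default",
                                       "pod": {"name": "securityreview"}}})

if __name__ == "__main__":
    for name, tok in (("legacy", LEGACY), ("bound", BOUND)):
        print(name, describe_token(tok, now=1700001800))
```

The contents of a real token file, such as the `/tmp/securitytoken` copy made above, can be passed to `describe_token` in the same way; the signature is never checked, so the result is only an inspection aid.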