Lab 6.1 Step 2: No Resources Found

mabricker · October 2022

After typing the command under step 2: kubectl get secrets --all-namespaces, I have "No resources found" returned. Is there some underlying detail I missed along the way?

FYI, /var/run/secrets does not exist

chrispokorni · October 2022

Hi @mabricker,

In latest releases, Kubernetes no longer creates token secrets automatically. It becomes the user's responsibility to create them as desired. The following commands should work instead:

export token=$(kubectl create token default)

curl https://k8scp:6443/apis --header "Authorization: Bearer $token" -k

Regards,
-Chris

Napsty · October 2022

Had the same question as @mabricker . Thanks @chrispokorni for explaining why the default tokens are not created (anymore). The Course material should be updated accordingly.

jimpoe · November 2022

I also ran into the same issue. Glad to see it answered here. Thanks @chrispokorni

dont827273 · November 2022

Should the above commands create resources that should be viewable using the kubectl get secrets command? Because it does not create any secrets according to my installation.

chrispokorni · November 2022

Hi @dont827273,

The kubectl create token ... command above creates a token, not a secret.

You can read more at https://kubernetes.io/docs/concepts/configuration/secret/

Regards,
-Chris

kmai007 · February 2023

its 2/28/2023 and I've ran into this exact issue with this lab material. SO basically your suggestion is to create it and disregard steps 1-3.

dicalleson · March 2023

Same issue here. @chrispokorni Do we create secrets or just skip these steps?

fazlur.khan · March 2023

Hello @kmai007

In the updated lab (2/28/2023) we have added the step 6.2 which generates the token

export token=$(kubectl create token default)

Please verify.

thanks,
Fazlur

dicalleson · March 2023

Summary of issue and proposed answer and correction to lab document:
The Problem:
For Lab 6.1 - Step 1 -3
With k8s Version 1.25.1 you will get the following
$ kubectl get secrets --all-namespaces
No resources found
$ kubectl get secrets
No resources found in default namespace.

Solution: Skip steps 1-4 and instead run
$ export token=$(kubectl create token default)
Then as in step 5 run:
$ curl https://k8scp:6443/apis --header "Authorization: Bearer $token" -k

fazlur.khan · March 2023

@dicalleson

We have fixed this in the V1.26.1 version of Lab. Thank you.

regards,
Fazlur

nicocerquera · March 2023

Is that version active? at the moment I do not see step 6.2

chrispokorni · March 2023

Hi @nicocerquera,

Yes it is. It has been active since its release 3/1/2023.

Please clear your browser cache, log back into the course, and navigate to Lab 6.1 under the Lessons menu, or simply download the entire lab guide PDF from the Resources menu.

Regards,
-Chris

maybel · July 2023

How are you @chrispokorni? I did precisely the instructions you gave ( export token=$(kubectl create token default)
and curl https://k8scp:6443/apis --header "Authorization: Bearer $token" -k),
although the answer is not a resource found when I try to get secrets.

chrispokorni · July 2023

I am good @maybel, thank you for asking. How are things with you?
The token creation command does not generate a secret. That is the reason why no secret is found, which is the expected behavior.
However, was the curl successful once the token was supplied?

Regards,
-Chris

maybel · July 2023

Hi @chrispokorni , As the British like to say: not too bad. Thanks for the curl question because it clarified the exact sentence creating the secret. Unfortunately, it didn't work.

student@cp:~$ kubectl get namespaces
NAME              STATUS   AGE
accounting        Active   113d
default           Active   125d
kube-node-lease   Active   125d
kube-public       Active   125d
kube-system       Active   125d
linkerd           Active   82d
linkerd-viz       Active   82d
low-usage-limit   Active   119d
small             Active   117d
student@cp:~$ kubectl -n default get secrets
NAME                                   TYPE                                  DATA   AGE
dashboard-kubernetes-dashboard-certs   Opaque                                0      41d
dashboard-kubernetes-dashboard-token   kubernetes.io/service-account-token   3      5d17h
kubernetes-dashboard-csrf              Opaque                                1      41d
kubernetes-dashboard-key-holder        Opaque                                2      41d
myingress-ingress-nginx-admission      Opaque                                3      105d
sh.helm.release.v1.dashboard.v1        helm.sh/release.v1                    1      41d
sh.helm.release.v1.myingress.v1        helm.sh/release.v1                    1      103d
student@cp:~$ kubectl -n default get serviceaccounts
NAME                             SECRETS   AGE
dashboard-kubernetes-dashboard   0         41d
default                          0         125d
myingress-ingress-nginx          0         103d
student@cp:~$ export token=$(kubectl create token default)
student@cp:~$ export token=$(kubectl create token default -n default)
student@cp:~$ curl https://k8scp:6443/apis --header "Authorization: Bearer $token" -k
{
  "kind": "APIGroupList",
  "apiVersion": "v1",
  "groups": [
    {
      "name": "apiregistration.k8s.io",
      "versions": [
        {
          "groupV
...
...
 ],
      "preferredVersion": {
        "groupVersion": "metrics.k8s.io/v1beta1",
        "version": "v1beta1"
      }
    }
  ]
}student@cp:~$kubectl -n default get secrets
NAME                                   TYPE                                  DATA   AGE
dashboard-kubernetes-dashboard-certs   Opaque                                0      41d
dashboard-kubernetes-dashboard-token   kubernetes.io/service-account-token   3      5d17h
kubernetes-dashboard-csrf              Opaque                                1      41d
kubernetes-dashboard-key-holder        Opaque                                2      41d
myingress-ingress-nginx-admission      Opaque                                3      105d
sh.helm.release.v1.dashboard.v1        helm.sh/release.v1                    1      41d
sh.helm.release.v1.myingress.v1        helm.sh/release.v1                    1      103d
student@cp:~$ kubectl -n default get serviceaccounts
NAME                             SECRETS   AGE
dashboard-kubernetes-dashboard   0         41d
default                          0         125d
myingress-ingress-nginx          0         103d

As you can see, I have a namespace called default. The namespace called default has a service account called default as well.
From help I got this:

```

Request a token for a service account in a custom namespace

kubectl create token myapp --namespace myns
```

Because of the command help, I created a token called default in the namespace default, and there is no secret with that name in my namespace default.
By the way, I'm doing lab 15, and I don't catch how to create secrets .

I appreciate any help you can provide. You always find the patience to help me.

maybel · July 2023

sorry for the giant letters

chrispokorni · July 2023

Hi @maybel,

Based on the output shown at step 3 of lab exercise 6.1, your curl command seems to be successful, as it produced the expected output. Meaning that the token was also created successfully.

If needed, a secret object can be created by the user to store the token:
https://kubernetes.io/docs/concepts/configuration/secret/#service-account-token-secrets

Regards,
-Chris

Lab 6.1 Step 2: No Resources Found

Welcome!

Best Answer

Answers

Request a token for a service account in a custom namespace

Welcome!

Welcome!

Quick Links

Categories

Upcoming Training

Kubernetes Administration (LFS458)

Linux System Administration (LFS301)

Open Source Virtualization (LFS462)

Linux Kernel Debugging and Security (LFD440)