Secret token not generating

Hi,

I am new to K8s and this forum. Started to install K8s in my pc lab. I am able to open the k8s dashboard where it is asking for token and kubeconfig file, but my command is not generating any token. Below are the commands I am using:

$ kubectl create serviceaccount dashboard -n default
$ kubectl create clusterrolebinding dashboard-admin -n default --clusterrole=cluster-admin --serviceaccount=default:dashboard

Above 2 are working fine. Below one is not generating any output :
$ kubectl get secret $(kubectl get serviceaccount dashboard -o jsonpath="{.secret[0].name}") -o jsonpath="{.data.token}" | base64 --decode

What I am missing? Tried to google a lot but didn’t help. And I don’t know how to get CNI and CRI number? Please share commands for it, in case it is mandatory.

Asking for help? Comment out what you need so we can get more information to help you!

Cluster information:

Kubernetes version:v1.21.3
Cloud being used: (put bare-metal if not on a public cloud) : Virtual box
Installation method: From ISO
Host OS: Ubuntu 20.04.2 LTS
CNI and version: Calico
CRI and version:

You can format your yaml by highlighting it and pressing Ctrl-Shift-C, it will make your output easier to read.

Break down that command see what was happening.

Example:

kubectl get serviceaccount dashboard -o jsonpath="{.secret[0].name}"
kubectl get secret OUTPUT_FROM_LAST_COMMAND -o jsonpath="{.data.token}"
echo OUTPUT_FROM_LAST_COMMAND | base64 -D

Your problem is a typo in your jsonpath.

Thanks protosam for your response. I tried to run the commands but there is no output of first command itself

$ kubectl get serviceaccount dashboard -o jsonpath="{.secret[0].name}"

I also tried to run above command with sudo and I got error

sudo kubectl get serviceaccount dashboard -o jsonpath="{.secret[0].name}"
[sudo] password for xxxxx:
The connection to the server localhost:8080 was refused - did you specify the right host or port?

Whereas if I check the status of all PODs namespace, those are in running state

kubectl get pods --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system calico-kube-controllers-76bf499b46-b7cdz 1/1 Running 3 13h
kube-system calico-node-55cj4 1/1 Running 37 13h
kube-system coredns-558bd4d5db-fhfcr 1/1 Running 3 13h
kube-system coredns-558bd4d5db-x48nr 1/1 Running 3 13h
kube-system etcd-master 1/1 Running 3 13h
kube-system kube-apiserver-master 1/1 Running 4 13h
kube-system kube-controller-manager-master 1/1 Running 9 13h
kube-system kube-proxy-cmjn4 1/1 Running 3 13h
kube-system kube-scheduler-master 1/1 Running 9 13h
kubernetes-dashboard dashboard-metrics-scraper-856586f554-jwhw6 1/1 Running 3 13h
kubernetes-dashboard kubernetes-dashboard-67484c44f6-wp9hm 1/1 Running 5 13h

I still think it’s a typo in the jsonpath you’re using. You didn’t change it (I also didn’t correct it in my examples, just pointed out that the problem is a typo).

kubectl get serviceaccount dashboard -o yaml

Your pods have nothing to do with your secrets in this case. You created a service account and the API creates a token for that service account.

I get that command from the tutorial, I was referring. Could you please point out what is wrong. Same command but with yaml format output is given below.

$ kubectl get serviceaccount dashboard -o yaml

apiVersion: v1
kind: ServiceAccount
metadata:
creationTimestamp: “2021-08-01T16:59:54Z”
name: dashboard
namespace: default
resourceVersion: “7530”
uid: da5a7d2a-927f-4943-a746-47125b6fc424
secrets:

  • name: dashboard-token-wqc7n

I think it might help if you went through the tutorial in the official documentation. Knowing what the kubectl commands are actually doing is going to help you out a lot in the long run. The dashboard isn’t as useful as kubectl itself.

As for the answer to your problem, take a look at the output from the command I gave you. You see there is a key called secrets.

In the command you’re running, -o jsonpath="..." is used to reference keys from objects in Kubernetes. The problem is that there’s a typo there. Compare that with the object you just got back from the last command I gave you carefully.

Thanks @protosam for sharing the link. In fact, that was my next question to share any good link to understand K8s. I will go through it to clear basics.

Is there any video which can explain better on youtube or udemy? or K8s offical documentation is enough.

I personally like the aloud.guru (rip Linux academy) videos. Though I don’t know how well they hold up for everyone. I had 8+ years of programming, web hosting, and Linux experience before ever watching that content; so my view point when watching them had a lot of holes already filled in.

Like one really big knowledge component is the Linux bit. I learned Linux long ago, just poorly how to run lamp stacks, and then I got leagues better by reading the PDF from this site:

https://linuxcommand.org/tlcl.php