I am new to K8s and this forum. Started to install K8s in my pc lab. I am able to open the k8s dashboard where it is asking for token and kubeconfig file, but my command is not generating any token. Below are the commands I am using:
Above 2 are working fine. Below one is not generating any output :
$ kubectl get secret $(kubectl get serviceaccount dashboard -o jsonpath="{.secret[0].name}") -o jsonpath="{.data.token}" | base64 --decode
What I am missing? Tried to google a lot but didn’t help. And I don’t know how to get CNI and CRI number? Please share commands for it, in case it is mandatory.
Asking for help? Comment out what you need so we can get more information to help you!
Cluster information:
Kubernetes version:v1.21.3
Cloud being used: (put bare-metal if not on a public cloud) : Virtual box
Installation method: From ISO
Host OS: Ubuntu 20.04.2 LTS
CNI and version: Calico
CRI and version:
You can format your yaml by highlighting it and pressing Ctrl-Shift-C, it will make your output easier to read.
Thanks protosam for your response. I tried to run the commands but there is no output of first command itself
$ kubectl get serviceaccount dashboard -o jsonpath=“{.secret[0].name}”
I also tried to run above command with sudo and I got error
sudo kubectl get serviceaccount dashboard -o jsonpath=“{.secret[0].name}”
[sudo] password for xxxxx:
The connection to the server localhost:8080 was refused - did you specify the right host or port?
Whereas if I check the status of all PODs namespace, those are in running state
I still think it’s a typo in the jsonpath you’re using. You didn’t change it (I also didn’t correct it in my examples, just pointed out that the problem is a typo).
kubectl get serviceaccount dashboard -o yaml
Your pods have nothing to do with your secrets in this case. You created a service account and the API creates a token for that service account.
I get that command from the tutorial, I was referring. Could you please point out what is wrong. Same command but with yaml format output is given below.
I think it might help if you went through the tutorial in the official documentation. Knowing what the kubectl commands are actually doing is going to help you out a lot in the long run. The dashboard isn’t as useful as kubectl itself.
As for the answer to your problem, take a look at the output from the command I gave you. You see there is a key called secrets.
In the command you’re running, -o jsonpath="..." is used to reference keys from objects in Kubernetes. The problem is that there’s a typo there. Compare that with the object you just got back from the last command I gave you carefully.
Thanks @protosam for sharing the link. In fact, that was my next question to share any good link to understand K8s. I will go through it to clear basics.
Is there any video which can explain better on youtube or udemy? or K8s offical documentation is enough.
I personally like the aloud.guru (rip Linux academy) videos. Though I don’t know how well they hold up for everyone. I had 8+ years of programming, web hosting, and Linux experience before ever watching that content; so my view point when watching them had a lot of holes already filled in.
Like one really big knowledge component is the Linux bit. I learned Linux long ago, just poorly how to run lamp stacks, and then I got leagues better by reading the PDF from this site:
I’m having a similar issue… Docker-Desktop with Kubernetes… Just creating a service account does NOT create a secret. In fact, fresh install… NONE of the service accounts in all namespaces have a secret nor a token. Why is the API not creating them?
Docker-Desktop 4.7.1 includes the appropriate Kubernetes configuration for the controller manager and api service to automatically create secrets and tokens when creating a service account.
Docker-Desktop 4.8.x does not have this configuration. Fresh install or resetting the Kubernetes cluster will prevent the secret and token from automatically being created upon service account creation
The LegacyServiceAccountTokenNoAutoGeneration feature gate is beta, and enabled by default. When enabled, Secret API objects containing service account tokens are no longer auto-generated for every ServiceAccount. Use the TokenRequest API to acquire service account tokens, or if a non-expiring token is required, create a Secret API object for the token controller to populate with a service account token by following this guide. (#108309, @zshihang)
After successful installation of k8 cluster, I was trying to deploy k8 dashboard by creating service account though the tokens are not getting generated , i listed all SA and it it showing 0 secrets for each SA . Install Kubernetes Dashboard - Deploy Applications using UI (learnitguide.net) - i was refereeing this link for creating dashboard.
Could you pls help me out on this issue.
The Kubernetes version which i’m using is 1.24 and if secrets are being disabled by default then could you pls show me the method for generating these secrets.
Hi guys,
In the context of K8S created in Azure, this flag is causing a problem since we cannot map the namespaces to Environment. The mapping fails with the message ‘Could not find any secrets associated with the Service Account.’. Has anyone been able to fix this somehow? I will try to turn off the feature gate ‘LegacyServiceAccountTokenNoAutoGeneration’ to see if it resolves my issue, but so far I could not find any workaround to fix that problem in Azure.
We are facing the same issue in our project. After the aks upgrade to 1.24.3 the Kubernetes services endpoints are not created due to this missing secret error. We tried to create the secret after the SA, after the creation by serviceendpoint API, but it didn’t work.