Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Outdated default service account token secret instructions in "Access Clusters Using the Kubernetes API' page #45628

Open
hrmcardle0 opened this issue Mar 21, 2024 · 6 comments
Open

Outdated default service account token secret instructions in "Access Clusters Using the Kubernetes API' page #45628

hrmcardle0 opened this issue Mar 21, 2024 · 6 comments
Labels
kind/bug Categorizes issue or PR as related to a bug. language/en Issues or PRs related to English language priority/backlog Higher priority than priority/awaiting-more-evidence. sig/auth Categorizes an issue or PR as relevant to SIG Auth. triage/accepted Indicates an issue or PR is ready to be actively worked on.

Comments

@hrmcardle0
Copy link

hrmcardle0 commented Mar 21, 2024
edited
Loading

In the 'without kubectl proxy', the section on https://kubernetes.io/docs/tasks/administer-cluster/access-cluster-api/:

Create a secret to hold a token for the default service account

kubectl apply -f - <<EOF
apiVersion: v1
kind: Secret
metadata:
name: default-token
annotations:
kubernetes.io/service-account.name: default
type: kubernetes.io/service-account-token
EOF

This is apparently not a thing anymore since 1.22. I attempted it on v1.27 and despite there being no error message, the secret does not exist.
@k8s-ci-robot k8s-ci-robot added the needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. label Mar 21, 2024
@dipesh-rawat
Copy link
Member

Page mentioned in issue: https://kubernetes.io/docs/tasks/administer-cluster/access-cluster-api/
/language en

@k8s-ci-robot k8s-ci-robot added the language/en Issues or PRs related to English language label Mar 21, 2024
@dipesh-rawat
Copy link
Member

/retitle Outdated default service account token secret instructions in "Access Clusters Using the Kubernetes API' page

@k8s-ci-robot k8s-ci-robot changed the title Access Clusters Using the Kubernetes API - service account toke Outdated default service account token secret instructions in "Access Clusters Using the Kubernetes API' page Mar 21, 2024
@dipesh-rawat
Copy link
Member

/sig auth

@k8s-ci-robot k8s-ci-robot added the sig/auth Categorizes an issue or PR as relevant to SIG Auth. label Mar 21, 2024
@sftim
Copy link
Contributor

sftim commented Mar 22, 2024

/kind bug
/triage accepted
/priority backlog

@k8s-ci-robot k8s-ci-robot added kind/bug Categorizes issue or PR as related to a bug. triage/accepted Indicates an issue or PR is ready to be actively worked on. priority/backlog Higher priority than priority/awaiting-more-evidence. and removed needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Mar 22, 2024
@MeenuyD
Copy link
Contributor

MeenuyD commented Mar 25, 2024

/assign

@MeenuyD MeenuyD removed their assignment Mar 27, 2024
@mrgiles
Copy link
Contributor

mrgiles commented Aug 10, 2024

Hello @hrmcardle0. i've just tested the instructions on page https://kubernetes.io/docs/tasks/administer-cluster/access-cluster-api/ with a 1.30 cluster and they seem to work...

kubectl version
Client Version: v1.30.2
Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3
Server Version: v1.30.0

kubectl apply -f - <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: default-token
  annotations:
    kubernetes.io/service-account.name: default
type: kubernetes.io/service-account-token
EOF
secret/default-token created

kubectl get secret default-token
NAME            TYPE                                  DATA   AGE
default-token   kubernetes.io/service-account-token   3      3m50s

TOKEN=$(kubectl get secret default-token -o jsonpath='{.data.token}' | base64 --decode)

curl -X GET $APISERVER/api --header "Authorization: Bearer $TOKEN" --insecure
{
  "kind": "APIVersions",
  "versions": [
    "v1"
  ],
  "serverAddressByClientCIDRs": [
    {
      "clientCIDR": "0.0.0.0/0",
      "serverAddress": "172.18.0.2:6443"
    }
  ]
}%

Can you try again and provide the outputs of your commands? If these instructions still work, I think we could close this issue.

Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/bug Categorizes issue or PR as related to a bug. language/en Issues or PRs related to English language priority/backlog Higher priority than priority/awaiting-more-evidence. sig/auth Categorizes an issue or PR as relevant to SIG Auth. triage/accepted Indicates an issue or PR is ready to be actively worked on.
Projects
SIG Auth
Status: Backlog
Milestone
No milestone
Development

No branches or pull requests
6 participants
@mrgiles @hrmcardle0 @dipesh-rawat @k8s-ci-robot @sftim @MeenuyD