CKS Lab-Use Bootstrap token for authentication Q.2

Marco78 · December 14, 2024, 1:51pm

Can’t manage to get positive result, even pasting the very solution given:

My attempt:

apiVersion: v1
kind: Secret
metadata:
  # Name MUST be of form "bootstrap-token-<token id>"
  name: bootstrap-token-07401b
  namespace: kube-system

# Type MUST be 'bootstrap.kubernetes.io/token'
type: bootstrap.kubernetes.io/token
stringData:
  # Human readable description. Optional.
  description: "The default bootstrap token generated by 'kubeadm init'."

  # Token ID and secret. Required.
  token-id: 07401b
  token-secret: f395accd246ae52d

  # Allowed usages.
  usage-bootstrap-authentication: "true"
  usage-bootstrap-signing: "true"

  # Extra groups to authenticate the token as. Must start with "system:bootstrappers:"
  auth-extra-groups: system:bootstrappers:kubeadm:default-node-token

Santosh_KodeKloud · December 14, 2024, 6:01pm

HI @Marco78

I tried out this lab, and it worked as expected.
The YAML in the code block you posted looks good.

Can you please try this lab again?

Marco78 · December 14, 2024, 9:31pm

Still not working:

Basically I copy paste what’s in the docs and change auth-extra-groups as per lab trace then delete expiration.

Marco78 · December 15, 2024, 12:25am

I’ve noticed something strange in the callback:

hope it helps!

Santosh_KodeKloud · December 15, 2024, 7:01am

It’s just base64 encoded format of the plainText entry. Do you see any additional space there?

Marco78 · December 15, 2024, 11:02pm

No but the problem is that if you grep the secret you’ll need to use base64 not unencoded value otherwise it won’t find anything, just tested again:

I’ve suspected that was the problem…

Marco78 · December 19, 2024, 12:18am

Hi, is there any news?

Santosh_KodeKloud · December 19, 2024, 6:18am

Hi @Marco78

I am not sure what you are trying to say with:

if you grep the secret you’ll need to use base64 not unencoded

If you need to see if the text you passed is well read while creating the secret. You can echo the encoded value and decode it with --decode and check if the value you entered matches with the decoded one.

I suspect there is some extra space somewhere that’s causing the issue.

Marco78 · December 19, 2024, 9:42am

Tej-Singh-Rana · December 19, 2024, 12:12pm

Hi @Marco78 ,

Thanks for highlighting this. We’re looking into this.

Regards,

Tej-Singh-Rana · December 19, 2024, 12:26pm

Hi @Marco78 ,

The team improved the validation. Please give it a try.

Regards,

Marco78 · December 20, 2024, 12:38am

ok it’s working now, thanks