Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unable to create a Kubernetes dashboard token #779

Open
roncemer opened this issue Sep 13, 2024 · 2 comments
Open

Unable to create a Kubernetes dashboard token #779

roncemer opened this issue Sep 13, 2024 · 2 comments
Labels
type/enhancement New feature or request

Comments

@roncemer
Copy link

SUMMARY

Unable to find any way to create a Kubernetes dashboard token. Typically with kubectl, this is done with the following command:

kubectl -n kubernetes-dashboard create token --duration=43200s admin-user

If you add -o yaml to this command, you get output similar to the following:

kind: TokenRequest
metadata:
  creationTimestamp: "2024-09-13T14:58:48Z"
  name: admin-user
  namespace: kubernetes-dashboard
spec:
  audiences:
  - https://kubernetes.default.svc
  boundObjectRef: null
  expirationSeconds: 43200
status:
  expirationTimestamp: "2024-09-14T02:58:48Z"
  token: <base64-encoded token here>

So I tried creating this task:

    - name: "Create a Kubernetes dashboard token"
      changed_when: false
      kubernetes.core.k8s:
        kubeconfig: "{{ kubeconfig }}"
        state: "present"
        force: true
        definition:
          apiVersion: authentication.k8s.io/v1
          kind: TokenRequest
          metadata:
            name: admin-user
            namespace: kubernetes-dashboard
          spec:
            audiences:
            - https://kubernetes.default.svc
            boundObjectRef: null
            expirationSeconds: 43200
      register: create_token_output

But it just generates the following error:

fatal: [localhost]: FAILED! => {"changed": false, "msg": "Failed to find exact match for authentication.k8s.io/v1.TokenRequest by [kind, name, singularName, shortNames]"}
ISSUE TYPE
  • Bug Report
COMPONENT NAME

kubernetes.core.k8s

ANSIBLE VERSION
ansible [core 2.17.1]
  config file = None
  configured module search path = ['/Users/rcemer/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /opt/homebrew/lib/python3.12/site-packages/ansible
  ansible collection location = /Users/rcemer/.ansible/collections:/usr/share/ansible/collections
  executable location = /opt/homebrew/bin/ansible
  python version = 3.12.6 (main, Sep  6 2024, 19:03:47) [Clang 15.0.0 (clang-1500.3.9.4)] (/opt/homebrew/opt/python@3.12/bin/python3.12)
  jinja version = 3.1.4
  libyaml = True
COLLECTION VERSION
Collection      Version
--------------- -------
kubernetes.core 3.2.0
CONFIGURATION
CONFIG_FILE() = None
OS / ENVIRONMENT

Darwin -***.local 23.6.0 Darwin Kernel Version 23.6.0: Mon Jul 29 21:13:04 PDT 2024; root:xnu-10063.141.2~1/RELEASE_ARM64_T6020 arm64

STEPS TO REPRODUCE

Set the kubeconfig fact to the path to a valid kubeconfig file for the cluster, then run the following task.

    - name: "Create a Kubernetes dashboard token"
      changed_when: false
      kubernetes.core.k8s:
        kubeconfig: "{{ kubeconfig }}"
        state: "present"
        force: true
        definition:
          apiVersion: authentication.k8s.io/v1
          kind: TokenRequest
          metadata:
            name: admin-user
            namespace: kubernetes-dashboard
          spec:
            audiences:
            - https://kubernetes.default.svc
            boundObjectRef: null
            expirationSeconds: 43200
      register: create_token_output
EXPECTED RESULTS

Create and output the dashboard token.

ACTUAL RESULTS

Fails with this error:

fatal: [localhost]: FAILED! => {"changed": false, "msg": "Failed to find exact match for authentication.k8s.io/v1.TokenRequest by [kind, name, singularName, shortNames]"}
@yurnov
Copy link
Contributor

yurnov commented Sep 14, 2024

Hi @roncemer,

Suppose you will apply the same definition with kubectl apply -f <file.yaml> you will have the same result.

It seems that the request of a service account token is not supported yet in kubernetes.core collections, you can create Feature request or make with requested feathere a PR by yourself with official kubernetes python client.

@gravesm
Copy link
Member

gravesm commented Oct 31, 2024

As @yurnov pointed out, you cannot create a TokenRequest resource using apply. The TokenRequest is a subresource of a ServiceAccount. This would have to be implemented as a new module that uses the token attribute in a similar way to how we implement the k8s_scale module:

kubernetes.core/plugins/modules/k8s_scale.py

Line 375 in c8a9326

resource.scale.patch(body=scale_obj)

@gravesm gravesm added the type/enhancement New feature or request label Oct 31, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
type/enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@gravesm @roncemer @yurnov