I'm trying to follow the instructions at https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md to create a Kubernetes Dashboard token. However, when I run the specified command, I get an error

% kubectl -n kubernetes-dashboard create token admin-user
Error: must specify one of -f and -k

error: unknown command "token admin-user"
See 'kubectl create -h' for help and examples

If I jump back in the doc history, I see a different, more verbose command that I can run

% kubectl -n kubernetes-dashboard get secret $(kubectl -n kubernetes-dashboard get sa/admin-user -o jsonpath="{.secrets[0].name}") -o go-template="{{.data.token | base64decode}}"

This seems to work OK and PR for the doc change mentions "version 1.24" but doesn't mention what piece of software version 1.24 refers to (kubectl? The Dashboard? Kuberenetes itself? kind? Something else?)

So what's going on with that first command? Why doesn't it work?

CodePudding user response：

This is a new feature in kubernetes 1.24, your cluster must be running <1.24 version of Kubernetes. See change log below:

kubectl create token can now be used to request a service account token, and permission to request service account tokens is added to the edit and admin RBAC roles (#107880, @liggitt)

Another snippet showing more relevant info:

Kubectl changes:

Adds a command to kubectl to request a bound service account token. This will help ease the transition from scraping generated service account tokens with commands like kubectl get secret "$(kubectl get serviceaccount default -o jsonpath='{.secrets[0].name}')"

check this for more info: https://github.com/kubernetes/kubernetes/pull/107880