This message was deleted.
# generala
adamant-kite-43734
05/02/2023, 1:58 PMThis message was deleted.
a
alert-traffic-48134
05/02/2023, 3:32 PMFound a workaround myself : i disabled the FG : LegacyServiceAccountTokenTracking=false
m
melodic-wolf-74801
07/18/2023, 1:08 PMWhere did you deploy this?
a
alert-traffic-48134
07/18/2023, 1:12 PMIn my control-plane configuration. (Sorry , its not a cluster deployed by Rancher. I’ve deploy Kubernetes myself using TalosOS, and then added it to Rancher to have a better user management)
alert-traffic-48134
07/18/2023, 1:13 PMIt’s kubernetes feature Gate
m
melodic-wolf-74801
07/18/2023, 1:13 PMI have my control-plane in Digitialocean
melodic-wolf-74801
07/18/2023, 1:13 PMI don’t believe that I have access to the control-plane’s config
a
alert-traffic-48134
07/18/2023, 1:13 PMYou may want to check with the support if they can add these kind of customisation
m
melodic-wolf-74801
07/18/2023, 1:25 PMDo I understand correctly that this warning message is bc the authentication between rancher and the cluster is token based secret instead of a client certificate ?
a
alert-traffic-48134
07/18/2023, 1:27 PMIt’s because my kubernetes installation created automatically a secret for earch serviceaccount created. And kubectl (i guess) detect that and raise a Warning
m
melodic-wolf-74801
07/18/2023, 1:28 PMIt happens when I try to access my cluster via rancher and not directly using the client config
melodic-wolf-74801
07/18/2023, 1:29 PMwhen I access it directly this warning message doesn’t get raised
a
alert-traffic-48134
07/18/2023, 1:30 PMit’s been a while when i’ve dive into this issue. But i’m pretty sure that all secret are scanned, and if they belong to a serviceaccount , the warning is raised. On kubernetes 1.27
alert-traffic-48134
07/18/2023, 1:33 PMOr maybe, it’s because my user (the rancher one) used has a secret (associated with the serviceAccount) which is “legacy”.
Kubernetes add this labels for those users :
Copy code
labels:
<http://kubernetes.io/legacy-token-last-used|kubernetes.io/legacy-token-last-used>: "2023-04-28"alert-traffic-48134
07/18/2023, 1:34 PMAnd i have’nt found any solution to change the way Rancher generate the secret, so i’ve disabled the FeatureGate in Kubernetes control plane
m
melodic-wolf-74801
07/18/2023, 1:37 PMGonna make a new post about it. Hopefully there are now more people that are trying 1.27.
a
alert-traffic-48134
07/18/2023, 1:37 PMYes sure, and also few month ago , rancher wasn’t officially compatible with 1.27.
What do you mean by a new post ?
alert-traffic-48134
07/18/2023, 1:38 PMOh ok in the general channel 😉
m
melodic-wolf-74801
07/18/2023, 1:38 PMhere on slack
melodic-wolf-74801
07/18/2023, 1:38 PMyes
melodic-wolf-74801
07/18/2023, 1:38 PMah possible that I have to update my rancher 🤔
melodic-wolf-74801
07/18/2023, 1:39 PMhm, looks like rancher 2.7.5 is not certified yet with v1.26.
a
alert-traffic-48134
07/18/2023, 1:40 PMYes even 2.7
alert-traffic-48134
07/18/2023, 1:40 PMWe have a lot a cluster base on rancher 2.6, we are migration to 2.7 but. Rancher 2.6 allow k8s 1.24, then upgrade rancher server to 2.7 to push k8s to 1.26)
1216 Views