K
Q

kubernetes: Authentication to ui with default config file fails

12/20/2017

I have successfully set up a kubernetes cluster on AWS using kops and the following commands:

$ kops create cluster --name=<my_cluster_name> --state=s3://<my-state-bucket> --zones=eu-west-1a --node-count=2 --node-size=t2.micro --master-size=t2.small --dns-zone=<my-cluster-dns>

$ kops update cluster <my-cluster-name> --yes

When accessing the dashboard, I am prompted to either enter a token or

Please select the kubeconfig file that you have created to configure access to the cluster.

When creating the cluster, ~/.kube/config was created that has the following form:

apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: 
    <some_key_or_token_here>
    server: https://api.<my_cluster_url>
  name: <my_cluster_name>
contexts:
- context:
    cluster: <my_cluster_name>
    user: <my_cluster_name>
  name: <my_cluster_name>
current-context: <my_cluster_name>
kind: Config
preferences: {}
users:
- name: <my_cluster_name>
  user:
    as-user-extra: {}
    client-certificate-data:
    <some_key_or_certificate>
    client-key-data:
    <some_key_or_certificate>
    password: <password>
    username: admin
- name:<my-cluster-url>-basic-auth
  user:
    as-user-extra: {}
    password: <password>
    username: admin

Why when pointing the kubernetes ui to the above file, I get

Authentication failed. Please try again.

-- pkaramol
kubernetes
kubernetes-security

Similar Questions

access minikube service running on remote host
Expose Neo4j cluster in Kubernetes
kubernetes: Error deploying dashboard (ui)
Kubernetes doesn't allow to mount file to container

2 Answers

12/21/2017

In order to enable basic auth in Dashboard --authentication-mode=basic flag has to be provided. By default it is set to --authentication-mode=token

To get the token or understand more about access control please refer here

-- vegiops
Source: StackOverflow
4/26/2018

I tried the same and had the same problem. It turns out that kops creates a certificate based authentication. Certificate based authentication can't be used on the web UI interface. Instead, I tried using the token based authentication. Next question, where do you find the token?

kubectl describe secret

This will show you the default token for the cluster. I assume this is very bad security practice but if you're using the UI to improve your learning and understanding then it will get you moving in the right direction.

This Dashboard wiki page is about authentication. That's where I discovered how to do it.

-- Kevin Monk
Source: StackOverflow