MSG_LOGIN_UNAUTHORIZED_ERROR while kubernetes dashboard
Question
I deployed the Kubernetes dashboard in an Azure Kubernetes cluster with the following command:
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.2.0/aio/deploy/recommended.yaml
I applied a ClusterRole and ClusterRoleBinding to the same cluster on my Azure AD object.
ClusterRole.yml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: admin-user-testing
rules:
- apiGroups: ["*"]
  resources: ["*"]
  verbs: ["*"]
ClusterRoleBinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user-testing
subjects:
- kind: User
  name: <azure user object id>
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: admin-user-testing
  apiGroup: rbac.authorization.k8s.io
To log in to the dashboard I am generating the token with the following command:
kubelogin get-token --login azurecli --server-id xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx
In the output it gives the token property.
After executing kubectl proxy and logging in with the token, the Sign In button does not respond.
In the network tab it shows the following error:
{
  "status": 401,
  "plugins": [],
  "errors": [
    {
      "ErrStatus": {
        "metadata": {},
        "status": "Failure",
        "message": "MSG_LOGIN_UNAUTHORIZED_ERROR",
        "reason": "Unauthorized",
        "code": 401
      }
    }
  ]
}
I have tried multiple solutions but none of them have worked. Please help me resolve this error. Thank you in advance.
Answer 1
Score: 1
The token is probably simply too big to be handled as an auth header. Request headers have a max size of 4096 KB (depends on the browser and/or proxy implementation) - link
Allow logging in when a very long token is provided (i.e. Azure with groups, etc.) - link to GitHub Repo of Kubernetes dashboard with Feature request where you can see this
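To check whether token size is the likely cause, the following added example (not part of the original post or of the dashboard project) measures the bearer token inside kubelogin's ExecCredential output and shows how much the Azure AD `groups` claim contributes. The `limit_bytes` value and the sample tokens are constructed assumptions; substitute the limit your browser or proxy actually enforces.

```python
import base64
import json
import uuid

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def decode_segment(seg: str) -> dict:
    # Restore the padding that JWT encoding strips, then parse the JSON.
    return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))

def token_report(exec_credential: str, limit_bytes: int) -> dict:
    """Measure the bearer token inside kubelogin's ExecCredential output.

    The payload is decoded only to count claims; the signature is NOT verified.
    """
    token = json.loads(exec_credential)["status"]["token"]
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected 3 dot-separated parts)")
    claims = decode_segment(parts[1])
    groups = claims.get("groups", [])
    header_len = len(f"Authorization: Bearer {token}".encode())
    return {
        "header_bytes": header_len,
        "group_count": len(groups),
        "groups_claim_bytes": len(json.dumps(groups, separators=(",", ":"))),
        "exceeds_limit": header_len > limit_bytes,
    }

def make_sample(n_groups: int) -> str:
    # Constructed, unsigned sample shaped like the output described in the question.
    header = b64url(json.dumps({"typ": "JWT", "alg": "RS256"}).encode())
    payload = b64url(json.dumps({
        "aud": "00000000-0000-0000-0000-000000000000",
        "groups": [str(uuid.UUID(int=i)) for i in range(n_groups)],
    }).encode())
    signature = b64url(b"\x00" * 256)  # placeholder bytes, not a real signature
    return json.dumps({"kind": "ExecCredential",
                       "status": {"token": f"{header}.{payload}.{signature}"}})

if __name__ == "__main__":
    LIMIT = 4096  # assumed value in bytes; use what your browser/proxy enforces
    for n in (2, 12, 150):
        print(n, token_report(make_sample(n), LIMIT))
```

Against a real cluster, pass the JSON printed by `kubelogin get-token` to `token_report` instead of the constructed sample, and treat that output as a credential while handling it.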