Open olajideoluwatoosin opened 2 years ago
mlbiam
commented
2 years ago Delete the ou-tls-certifiacte Secret in the openunison namespace and re-run the orchestra helm chart. That will regenerate the the certificate with the right names for the API host.
olajideoluwatoosin
commented
2 years ago Thanks. Having new error . "Error from server (BadRequest): The server rejected our request for an unknown reason"
mlbiam
commented
2 years ago Thanks. Having new error . "Error from server (BadRequest): The server rejected our request for an unknown reason"
Is this when you login to the portal or when you use kubectl? If using the portal, can you provide a secreenshot? if with kubectl can you run kubectl --v=11 and also provide logs from openunison?
olajideoluwatoosin
commented
2 years ago This happen when using kubectl. It's okay with dashboard
mlbiam
commented
2 years ago Sorry for the delay. The error message Unable to refresh token usually means that the session has been deleted. This happens when you logout from the portal or if you haven't used kubectl for the idle timeout (900 seconds / 15 minutes by default). It can also happen if your clock is off. When this happens, can you run kubectl get oidc-sessions -n openunison?
olajideoluwatoosin
commented
2 years ago Thanks for the response. I ran the command and attached is what ai got
fawzy-ibrhim
commented
11 months ago I'm facing the similar issue with token failed to refresh with kubectl while I can log in to the dashboard.
I deployed open unison to a baremetal cluster. Initially I was having unauthorized before I enable impersonation which give me access to k8s dashboard but well I use kubectl command to set user in .kubectl/config, I had an error "Unable to connect to the server: x509: certificate is valid for k8sou-apps.x.x.x.x.nip.io, k8sdb.x.x.x.x.nip.io not k8sapi.x.x.x.x.nip.io