projectsveltos / addon-controller

Sveltos Kubernetes add-on controller programmatically deploys add-ons and applications in tens of clusters. Support for ClusterAPI powered clusters, Helm charts, kustomize ,YAMLs. Sveltos has built-in support for multi-tenancy.
https://projectsveltos.github.io/sveltos/
Apache License 2.0
273 stars 20 forks source link

BUG: Failed to get user from token in Dashboard #792

Closed emreberber closed 3 days ago

emreberber commented 4 days ago

Problem Description

Hello. I created Token with Platform-Admin, but I get an error on the login screen.

Platform Administrator Example

System Information

SVELTOS VERSION: 0.41.1 KUBERNETES VERSION: 1.27.4

Logs

(http.go:519] "failed to get user from token: the server could not find the requested resource" logger="gin")
Screenshot
gianlucam76 commented 3 days ago

Thanks @emreberber

Can you please list the steps you used to create the token? Thank you

emreberber commented 3 days ago
$ kubectl create sa platform-admin
$ kubectl create clusterrolebinding platform-admin-access --clusterrole cluster-admin --serviceaccount default:platform-admin
$ kubectl create token platform-admin --duration=24h

I followed the steps in the document.

gianlucam76 commented 3 days ago

Thank you. Giving a try now. Thanks

gianlucam76 commented 3 days ago

@emreberber I am not able to repro.

This is what I did. Installed cert-manager

helm install \
  cert-manager jetstack/cert-manager \
  --namespace cert-manager \
  --create-namespace \
  --version v1.16.1 \
  --set crds.enabled=true

Installed Sveltos

helm install projectsveltos projectsveltos/projectsveltos -n projectsveltos --create-namespace

Then deployed Dashboard

kubectl apply -f https://raw.githubusercontent.com/projectsveltos/sveltos/v0.41.1/manifest/dashboard-manifest.yaml

Finally created

kubectl create sa platform-admin
kubectl create clusterrolebinding platform-admin-access --clusterrole cluster-admin --serviceaccount default:platform-admin
kubectl create token platform-admin --duration=24h

and I am able to login successfully.

Can you share more details?

thanks

emreberber commented 3 days ago

I tried exactly these steps but I get the same error again.

I am using Kind.

k3d cluster create projectsveltos-cluster-02 \                                                                                                                                        
    --agents 2 --servers 1  \
    --image rancher/k3s:v1.27.4-k3s1
+----------------------------------------+-----------------+---------------------------------------------------------+
| dashboard-54c6777f9c-9tnz5             | dashboard       | docker.io/projectsveltos/dashboard:v0.41.1              |
+----------------------------------------+-----------------+---------------------------------------------------------+
| ui-backend-manager-596f8bddf6-82qg7    | manager         | projectsveltos/ui-backend:v0.41.1                       |
+----------------------------------------+-----------------+---------------------------------------------------------+
gianlucam76 commented 3 days ago

Thanks. Trying that as well. I assume you are doing a port-forward of the dashboard service

emreberber commented 3 days ago

Yes, that's exactly it.

kubectl port-forward svc/dashboard -n projectsveltos 8080:80
gianlucam76 commented 3 days ago

I was able to repro. The version v1.27 does not support this authentication.

I tried with

k3d cluster create projectsveltos-cluster-03 \               
    --agents 2 --servers 1  \
    --image rancher/k3s:v1.29.10-k3s1

and following all steps above, it worked.

gianlucam76 commented 3 days ago

v1.28.0 seems to be the first Kubernetes verision with SelfSubjectReview

https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.28.md

The SelfSubjectReview API is promoted to authentication.k8s.io/v1 and the kubectl auth whoami command is GA. (https://github.com/kubernetes/kubernetes/pull/117713, [@nabokihms](https://github.com/nabokihms)) [SIG API Machinery, Architecture, Auth, CLI and Testing]
gianlucam76 commented 3 days ago

@emreberber I will use this bug to add a note on documentation, Dashboard requires v1.28.0 or newer release.

emreberber commented 3 days ago

Great work 🚀 Thanks

gianlucam76 commented 3 days ago

Note added