BUG: Failed to get user from token in Dashboard

[emreberber]

Problem Description

Hello. I created Token with Platform-Admin, but I get an error on the login screen.

Platform Administrator Example

System Information

SVELTOS VERSION: 0.41.1 KUBERNETES VERSION: 1.27.4

Logs

(http.go:519] "failed to get user from token: the server could not find the requested resource" logger="gin")

[gianlucam76]

Thanks @emreberber

Can you please list the steps you used to create the token? Thank you

[emreberber]

$ kubectl create sa platform-admin
$ kubectl create clusterrolebinding platform-admin-access --clusterrole cluster-admin --serviceaccount default:platform-admin
$ kubectl create token platform-admin --duration=24h

I followed the steps in the document.

[gianlucam76]

Thank you. Giving a try now. Thanks

[gianlucam76]

@emreberber I am not able to repro.

This is what I did. Installed cert-manager

helm install \
  cert-manager jetstack/cert-manager \
  --namespace cert-manager \
  --create-namespace \
  --version v1.16.1 \
  --set crds.enabled=true

Installed Sveltos

helm install projectsveltos projectsveltos/projectsveltos -n projectsveltos --create-namespace

Then deployed Dashboard

kubectl apply -f https://raw.githubusercontent.com/projectsveltos/sveltos/v0.41.1/manifest/dashboard-manifest.yaml

Finally created

kubectl create sa platform-admin
kubectl create clusterrolebinding platform-admin-access --clusterrole cluster-admin --serviceaccount default:platform-admin
kubectl create token platform-admin --duration=24h

and I am able to login successfully.

Can you share more details?

• Where is your management cluster running
• version of dashboard (kubectl get pods -n projectsveltos -o yaml |grep image:)

thanks

[emreberber]

I tried exactly these steps but I get the same error again.

I am using Kind.

k3d cluster create projectsveltos-cluster-02 \                                                                                                                                        
    --agents 2 --servers 1  \
    --image rancher/k3s:v1.27.4-k3s1

+----------------------------------------+-----------------+---------------------------------------------------------+
| dashboard-54c6777f9c-9tnz5             | dashboard       | docker.io/projectsveltos/dashboard:v0.41.1              |
+----------------------------------------+-----------------+---------------------------------------------------------+
| ui-backend-manager-596f8bddf6-82qg7    | manager         | projectsveltos/ui-backend:v0.41.1                       |
+----------------------------------------+-----------------+---------------------------------------------------------+

[gianlucam76]

Thanks. Trying that as well. I assume you are doing a port-forward of the dashboard service

[emreberber]

Yes, that's exactly it.

kubectl port-forward svc/dashboard -n projectsveltos 8080:80

[gianlucam76]

I was able to repro. The version v1.27 does not support this authentication.

I tried with

k3d cluster create projectsveltos-cluster-03 \               
    --agents 2 --servers 1  \
    --image rancher/k3s:v1.29.10-k3s1

and following all steps above, it worked.

[gianlucam76]

v1.28.0 seems to be the first Kubernetes verision with SelfSubjectReview

https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.28.md

The SelfSubjectReview API is promoted to authentication.k8s.io/v1 and the kubectl auth whoami command is GA. (https://github.com/kubernetes/kubernetes/pull/117713, [@nabokihms](https://github.com/nabokihms)) [SIG API Machinery, Architecture, Auth, CLI and Testing]

[gianlucam76]

@emreberber I will use this bug to add a note on documentation, Dashboard requires v1.28.0 or newer release.

[emreberber]

Great work 🚀 Thanks

[gianlucam76]

Note added