Auth token invalid after first use

Hi, I’m deploying skooner in a k3s cluster in with the following configuration:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: skooner
  namespace: kube-system
spec:
  replicas: 1
  selector:
    matchLabels:
      k8s-app: skooner
      app: skooner
  template:
    metadata:
      labels:
        k8s-app: skooner
        app: skooner
    spec:
      containers:
      - name: skooner
        image: ghcr.io/skooner-k8s/skooner:stable
        ports:
        - containerPort: 4654
        livenessProbe:
          httpGet:
            scheme: HTTP
            path: /
            port: 4654
          initialDelaySeconds: 30
          timeoutSeconds: 30
      nodeSelector:
        'kubernetes.io/os': linux

---

apiVersion: v1
kind: Service
metadata:
  name: skooner
  namespace: kube-system
spec:
  ports:
    - port: 80
      targetPort: 4654
  selector:
    k8s-app: skooner
    app: skooner

---

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: skooner-ingress
  namespace: kube-system
spec:
  rules:
    - host: skooner.mydomain.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: skooner
                port:
                  number: 80

---

apiVersion: v1
kind: ServiceAccount
metadata:
  name: skooner-sa
  namespace: kube-system

---

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: skooner-sa
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: skooner-sa
  namespace: kube-system

and then generating credentials the following way:

kubectl create token skooner-sa

The problem is that the token that gets generated is valid the first time I enter it in the login page, but then after the first use I get a 401 Api request error: - Unauthorized response blocking my access.

Another interesting thing is that I suspect that an error banner is supposed to appear, but it only flashes for a few milliseconds before disappearing.

Logs for a failed attempt look like the following:

2024-09-27T18:47:22.593Z GET / 200                                                                                                                       │
2024-09-27T18:47:32.617Z GET / 200                                                                                                                       │
2024-09-27T18:47:42.593Z GET / 200                                                                                                                       │
[HPM] POST /apis/authorization.k8s.io/v1/selfsubjectrulesreviews -> https://<redacted>:443                                                                │
[HPM] POST /apis/authorization.k8s.io/v1/selfsubjectrulesreviews -> https://<redacted>:443                                                                │
2024-09-27T18:47:50.346Z POST /apis/authorization.k8s.io/v1/selfsubjectrulesreviews 401                                                                  │
2024-09-27T18:47:50.347Z POST /apis/authorization.k8s.io/v1/selfsubjectrulesreviews 401                                                                  │
[HPM] POST /apis/authorization.k8s.io/v1/selfsubjectrulesreviews -> https://<redacted>:443                                                                │
2024-09-27T18:47:50.415Z POST /apis/authorization.k8s.io/v1/selfsubjectrulesreviews 401                                                                  │
[HPM] POST /apis/authorization.k8s.io/v1/selfsubjectrulesreviews -> https://<redacted>:443                                                                │
2024-09-27T18:47:50.426Z POST /apis/authorization.k8s.io/v1/selfsubjectrulesreviews 401                                                                  │
2024-09-27T18:47:50.432Z GET / 304

skooner-k8s / skooner

Auth token invalid after first use #461