New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fail to login - Access Control is not helping #2558

Closed
ikus060 opened this Issue Nov 8, 2017 · 4 comments

Comments

Projects
None yet
2 participants
@ikus060

ikus060 commented Nov 8, 2017

Dashboard version: recommended
Kubernetes version: v1.8
Operating system: debian Stretch
Node.js version: ?
Go version: ?

I've created a new kubernetes cluster and added the dashboard. I have some trouble to log into the dashboard. Seam I'm not the only one. See #2524, #2474, #2476 and probably more.

Plz don't refer me to the access control page (https://github.com/kubernetes/dashboard/wiki/Access-control) I've already read it.

Is it possible to provide more explicit information about how to make the login work ?
e.g.:

  1. Is is possible to use the kubeconfig authentication ? If so, is it possible to provide a sample or to explain where to get it from ?
  2. Token authentication seems to be the new thing. But after reading dozen pages on the subject, I still don't understand how to generate a new one for myself that allows me to log in to the dashboard with the right permission. Is it possible to describe the steps to generate such token ?

Thanks,

@floreks

This comment has been minimized.

Member

floreks commented Nov 9, 2017

Is is possible to use the kubeconfig authentication ? If so, is it possible to provide a sample or to explain where to get it from ?

As per documentation says:

Only authentication options specified by --authentication-mode flag are supported in kubeconfig file.

By default --authentication-mode is set to token, meaning that kubeconfig file has to be configured to use token based authentication. More information about kubeconfig file can be found here.

Token authentication seems to be the new thing. But after reading dozen pages on the subject, I still don't understand how to generate a new one for myself that allows me to log in to the dashboard with the right permission. Is it possible to describe the steps to generate such token ?

We deliberately do not provide exact steps of how to "generate" token as there are many ways of getting one. It is important that user reads Kubernetes documentation first and understands how different authentication and authorization mechanisms work in order to be able to use them. Dashboard tries to mimic behavior of kubectl which also supports --token parameter that can be used for authentication.

You should start by reading:

Creating and using service accounts is the easiest way of getting tokens, but not the only one. There are more ways described in Kubernetes documentation. We also do not want to copy & paste information that can be found in Kubernetes documentation, but rather point user to it by providing necessary links in our documentation.

@ikus060

This comment has been minimized.

ikus060 commented Nov 9, 2017

I do understand your point, but when trying to setup a kubernetes cluster for the first time, I may not want to know in depth how everything is working. Also, the authentication system seam to be very sophisticated. And before trying to learn how the authentication is working, I want to get into the dashboard.

@floreks

This comment has been minimized.

Member

floreks commented Nov 10, 2017

If you just want to access Dashboard with all privileges you can always try: https://github.com/kubernetes/dashboard/wiki/Access-control#admin-privileges

After applying this you can use Skip button and have full access to all resources. Then you can take some time to learn how to actually configure some SA and set required privileges by yourself.

@floreks

This comment has been minimized.

Member

floreks commented Nov 16, 2017

I think everything is clear here. Closing.

@floreks floreks closed this Nov 16, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment