New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Dashboard --token-ttl is not working #2882
Comments
@ykfq you are at the 1.7.1 level. I was running 1.8.3. Would it be possible for you to try the latest version? |
For some very odd reason, it appears to be working now on my newly built k8s cluster. so closing. |
i also meet the issue. |
@Michael-Baylis I have tried a variety of token-ttl values, from 0/infinite to 604800/7 days. Nonetheless, I am logged out consistently throughout the day. You mention:
But I do not see that in the file you posted. I only altered/added the - name: kubernetes-dashboard
image: k8s.gcr.io/kubernetes-dashboard-amd64:v1.8.3
ports:
- containerPort: 8443
protocol: TCP
args:
- --auto-generate-certificates
# add no timeout for token - 0 didn't work - make it 7 days?
- --token-ttl=604800 am I missing something? continuously grabbing a token is driving me crazy. |
@rosskevin This argument is related to the internal token used by Dashboard. It does not change a life of the token used to log in, so in case that your token has TTL of i.e. 60 min then this param will not change it. The original token is stored in an encrypted JWE token and it is then decrypted and used by our backend to communicate with API server. I am assuming that this is your issue. |
Thanks @floreks - is there an arg I missed to change the ttl of the browser log in token? or is that currently not configurable? |
@rosskevin Unfortunately, there is no option to extend a life of the original token used to log in as in most scenarios it requires communication with external IdP to refresh the token. We are planning to add support for external IdPs to Dashboard. No ETA though. |
@rosskevin I have no idea why it suddenly started working for me when I created a new cluster and why it wasn't working in the first place, I am afraid. All I know it is still working with a 12 hour token. Fairly sure there is a defect in there somewhere, but it is very subtle. |
I am having the same issue on Kubernetes Dashboard 1.10.0. token-ttl argument just disappears after some time (Pod gets restarted without it and Deployment also loses token-ttl for some reason). Can we reopen this issue or should i create new one? |
@vasicvuk Create new one with detailed description. Remember to link to this issue. |
I'm facing the same issue. |
I'm facing the same issue. |
I had the same issue, ended up editing my args from the terminal as you described and it stopped failing. Thanks |
Looks like you have too many "-" characters there bud |
Environment
Dashboard version: 1.8.3
Kubernetes version: 1.9.3
Operating system: Ubuntu LTS 16.04
Steps to reproduce
Observed result
Expected result
That the jwetoken remains valid for 12 hours and we will not require authenticating until the 12 hours are up.
Comments
dashboard deployment yaml:-
The text was updated successfully, but these errors were encountered: