New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Kubectl error "You must be logged in to the server" #30230
Comments
Hello, Additional information : Just see that through the API v3/token that tokens are not expired but enabled is set to false :
The "enabled" field goes from "true" to "false" after ~24 hours. I didn't have this behavior in Rancher 2.1.8. |
definitively helped me ;-) |
I am facing same problem. I did AD configuration yesterday and today I am facing this issue.
|
Found it. You have to click on the Avatar and select "API & Keys". Thanks for the workaround. |
Hello, in my setup I have to keep doing this workaround every hour or so (delete the key, fetch and update the new kubeconfig file). This is quite annoying. Any idea why this is happening and how I can fix it? |
Hi, I don't have a technical solution for the version 2.4.5. We have done an upgrade of Rancher (to 2.5.3) and we use another LDAP directory (openldap) for the authentication. And now, we have no more this issue (token are still available after 24 hours). |
I am on latest version (v2.5.5) and even removed the Active Directory configuration. Still facing the problem. If I try to change it back to true, I get 404 error.
I have tried many options, using tokens, CLI authentication but the same problem is seen. |
Hi, we are experiencing the same problem. |
Re-install with wiping out the DB.
…On Tue, May 25, 2021 at 7:45 PM michalgar ***@***.***> wrote:
Hi, we are experiencing the same problem.
The workaround of deleting the API token works, but only temporarily.
Did anyone manage to solve it? Any insights on this, please?
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#30230 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AC4XG6RBNGDYIIK6XKFFTJLTPOWHRANCNFSM4UCFSX5A>
.
|
This repository uses a bot to automatically label issues which have not had any activity (commit/comment/label) for 60 days. This helps us manage the community issues better. If the issue is still relevant, please add a comment to the issue so the bot can remove the label and we know it is still valid. If it is no longer relevant (or possibly fixed in the latest release), the bot will automatically close the issue in 14 days. Thank you for your contributions. |
reopen for investigation |
@SheilaghM This needs more investigation as we need to reproduce in our setup. As mentioned before, this is caused by our refreshing logic not being able to recongize users so token that belongs to these user are disabled. |
We are facing exact same issue. However we have removed and reinstall rke for rancher host and now we are trying to import existing cluster. but all existing kubernetes clusters are locked and throws the above error. so not sure how to import them again in rancher |
Has anyone experienced this issue with 2.6.3? I'm thinking that this is caused by an integer overflow in v2.5 of the go-ldap package. We use that version in rancher up until 2.6.3, where we used v3.4. V3.4 has a larger destination int (there's still potential for overflow, but the result code would have to be substantially higher), so the overflows shouldn't happen (according to the IANA 4096 is the current highest error code, so uint16 should be sufficient). The reasoning here is that rancher is because of this overflow, rancher isn't seeing the errors, so it's disabling the kubeconfig tokens (since it thinks that the errored searches indicate that the user lost access). It would help to know if people are still experiencing the issue on 2.6.3, as that would indicate the issue is elsewhere. |
this was solved in 2.5.12 and 2.6.3 and we will reopen if we see again |
Hello, |
I'm facing the same issue in 2.6.3. |
Hmm forgot to write back here - but even after upgrading to 2.5.12 we kept running into the issue |
@hoerup I'll try it out tomorrow then. Thx for the tips |
SURE-3029
SURE-3609
SURE-3394
Hi everyone !
What kind of request is this (question/bug/enhancement/feature request):
Question or bug
Steps to reproduce (least amount of steps as possible):
Result:
error: You must be logged in to the server (the server has asked for the client to provide credentials)
Other details that may be helpful:
Environment information
rancher/rancher
/rancher/server
image tag or shown bottom left in the UI): Rancher 2.4.5Cluster information
kubectl version
): v1.18.3docker version
): 19.3.11Thank you for your help !
Nicolas
The text was updated successfully, but these errors were encountered: