kubernetes: Authentication to ui with default config file fails

Question

I have successfully set up a kubernetes cluster on AWS using kops and the following commands:

$ kops create cluster --name=<my_cluster_name> --state=s3://<my-state-bucket> --zones=eu-west-1a --node-count=2 --node-size=t2.micro --master-size=t2.small --dns-zone=<my-cluster-dns>

$ kops update cluster <my-cluster-name> --yes

When accessing the dashboard, I am prompted to either enter a token or

Please select the kubeconfig file that you have created to configure access to the cluster.

When creating the cluster, ~/.kube/config was created that has the following form:

apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: 
    <some_key_or_token_here>
    server: https://api.<my_cluster_url>
  name: <my_cluster_name>
contexts:
- context:
    cluster: <my_cluster_name>
    user: <my_cluster_name>
  name: <my_cluster_name>
current-context: <my_cluster_name>
kind: Config
preferences: {}
users:
- name: <my_cluster_name>
  user:
    as-user-extra: {}
    client-certificate-data:
    <some_key_or_certificate>
    client-key-data:
    <some_key_or_certificate>
    password: <password>
    username: admin
- name:<my-cluster-url>-basic-auth
  user:
    as-user-extra: {}
    password: <password>
    username: admin

Why when pointing the kubernetes ui to the above file, I get

Authentication failed. Please try again.

Kevin Monk · Answer 1 · 2018-04-26T12:51:42.537

I tried the same and had the same problem. It turns out that kops creates a certificate based authentication. Certificate based authentication can't be used on the web UI interface. Instead, I tried using the token based authentication. Next question, where do you find the token?

kubectl describe secret

This will show you the default token for the cluster. I assume this is very bad security practice but if you're using the UI to improve your learning and understanding then it will get you moving in the right direction.

This Dashboard wiki page is about authentication. That's where I discovered how to do it.

score 0 · Answer 2 · answered Dec 21 '17 at 13:27

0

In order to enable basic auth in Dashboard --authentication-mode=basic flag has to be provided. By default it is set to --authentication-mode=token

To get the token or understand more about access control please refer here

answered Dec 21 '17 at 13:27

vegiops

293
2
6

The `--authentication-mode=basic` flag is used when? – pkaramol Dec 21 '17 at 13:34
in your kube-api configurations – vegiops Dec 21 '17 at 13:38
2

Sorry, but I'm newbie. where can i found the kube-api configurations? Do I need call some command in kubectl? – William Miranda de Jesus May 25 '18 at 11:02
This answer is not helpful basically you are saying RTFM. – Tomasz Swider Mar 29 '19 at 14:03

kubernetes: Authentication to ui with default config file fails

2 Answers2