Comments (6)
hey @Elexy. Sorry you're having issues.
The "no RBAC policy matched" is actually misleading. At startup, the server attempts to call one of the authentication apis as a non-authenticated user, just to make sure the api exists. I really need to remove (or improve) that logging as it clearly leads to confusion.
As to why you're not able to login, that last line looks like you're token is returning a 401 when calling the selfsubjectaccessreviews. Can you verify that the token you're using is correct? If it is, we'll have to dig in a bit more to figure out what's going on.
from skooner.
@Elexy Were you able to verify that the token was valid? What can I do to help?
from skooner.
I tried the same setup again from scratch and now it works! Must have been a case of fat fingers
Thanks and awesome work!
from skooner.
When I run it through port-forward
the token works:
[HPM] POST /apis/authorization.k8s.io/v1/selfsubjectaccessreviews -> https://noise-dns-eea9be65.hcp.eastus.azmk8s.io:443
POST /apis/authorization.k8s.io/v1/selfsubjectaccessreviews 201
but running it through kubectl proxy
auth with the same token fails.
[HPM] POST /apis/authorization.k8s.io/v1/selfsubjectaccessreviews -> https://noise-dns-eea9be65.hcp.eastus.azmk8s.io:443
POST /apis/authorization.k8s.io/v1/selfsubjectaccessreviews 401
p.s. the websockets connection seems to fail with the port-forward
from skooner.
Thanks for chasing down those details. Based on this link (kubernetes/kubernetes#38775) it seems that kubectl proxy
strips the Authorization
header.
From that link:
this is working as expected. "proxying" through the apiserver will not get you standard proxy behavior (preserving Authorization headers end-to-end), because the API is not being used as a standard proxy
So unfortunately, it doesn't sound like it's possible to support using k8dash view kubectl proxy
from skooner.
@herbrandson Thanks for that.
from skooner.
Related Issues (20)
- Add support for user/group impersonation
- The install instructions are broken. HOT 6
- CVE-2021-44906
- CVE-2022-37434
- Enhancement: allow for skipping the login screen HOT 2
- OIDC authorization error: 400 bad request HOT 4
- Need to enable https in skooner HOT 4
- Where are the helm charts? HOT 8
- Up and running with oidc via Dex - metrics URLs return 403s HOT 2
- Bug: RAM Request/Limits calculation is incorrect. HOT 1
- Auth Token HOT 7
- OIDC api is failing . Due to internal error
- How to troubleshoot OIDC issues? HOT 2
- Skooner not displaying Deployments HOT 1
- Running skooner with subpath HOT 1
- Does Skooner support OIDC PKCE Auth HOT 3
- Pods: Ready vs Requested should exclude pods in Succeeded state HOT 1
- kubernetes-skooner.yaml does not declare any CPU/RAM request HOT 1
- Can Skooner base path be changed from / ? HOT 2
- Skooner erroring all of a sudden HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from skooner.