Skip to main content
Solved

Unable To Login To New Kasten WebUI - Token Just Refreshes Page

  • May 18, 2026
  • 7 comments
  • 31 views
leaha
Forum|alt.badge.img+3

Hi, hoping someone can point me in the right direct with getting started with Kasten please, as this is almost surely a user error on my part, but I cant figure out what

Like the title says, I have deployed Kasten in a K8S cluster, currently not really doing much until Kasten is setup, however when generating the token to log in to the WebUI, the page just refreshes and I cant log in

This is running on a vSphere Kubernetes cluster, which isnt anything fancy, just K8S with PSA enabled
The K8S release is 1.33, and its a FIPS cluster, if that makes any difference, I would have gone with 1.35 non FIPS, however 1.33 was the latest the primer said 8.5.8 would install on

For the steps I have taken to deploy it, I ran the following once getting logged into my K8S cluster

A default storage class needed setting, from some issues I had before, so the below was run on my preferred storage class
kubectl patch storageclass vsan-esa-auto-raid-policy-latebinding \
  -p '{"metadata": {"annotations": {"storageclass.kubernetes.io/is-default-class": "true"}}}'

The repo was added to helm with
helm repo add kasten https://charts.kasten.io/
And helm was update with
helm repo update

A Kasten namespace was created with
kubectl create namespace kasten-io

And, due to 8.5.x requiring elevated permissions, I think they are sorting this with Kasten v9, PSA was disabled through a label on the kasten namespace
kubectl label namespace kasten-io pod-security.kubernetes.io/enforce=privileged

Helm was then used to deploy Kasten with a few flags, 3 secrets I believe is needed due to this being on vSphere, the external gateway flag to expose the UI over the load balancer and another to enable token based authentication, which should really be enabled else the UI just logs you in

helm install k10 kasten/k10 --namespace=kasten-io \
  --set secrets.vsphereUsername=<vsphere-username> \
  --set secrets.vspherePassword='<password>' \
  --set secrets.vsphereEndpoint=<vsphere-fqdn> \
  --set auth.tokenAuth.enabled=true \
  --set externalGateway.create=true \
  --set services.gateway.loadBalancer.type=LoadBalancer

The pods all deploy, and the external service is accessible and I can get to the login screen at
http://<external-ip>/k10/#/

For the token, my understanding is I need a service account with cluster-admin permissions to generate a token, so I ran this to create the service account

kubectl create serviceaccount k10-admin --namespace kasten-io

This to set the permissions

kubectl create clusterrolebinding k10-admin \
  --clusterrole=cluster-admin \
  --serviceaccount=kasten-io:k10-admin

And then this to generate a token
kubectl --namespace kasten-io create token k10-admin --duration=24h

I copied the entire output into the WebUI and the page just refreshes, instead of logging me in

Am I missing something stupid?

Thanks in advance <3

 

Best answer by Munk

In 8.5.7, we added a new feature that now needs https by default. This should resolve your problem https://docs.kasten.io/latest/releasenotes#upgrade-notes-1

    7 comments

    coolsport00
    Forum|alt.badge.img+22
    • coolsport00
    • Veeam Legend
    • May 18, 2026

    Maybe ​@Geoff Burke can give you a hand ​@leaha ?

    Shane Williford - Veeam VMCA/VMCE | Veeam Legend | VUG Leader | VCP-DCV | Twitter: @coolsport00
    Geoff Burke
    Forum|alt.badge.img+22
    • Geoff Burke
    • Veeam Vanguard
    • May 18, 2026

    Hi Leah,

    Did you also create binding for the K10-Namespace-Admin? https://docs.kasten.io/latest/access/rbac/ 

     

    Apart 

    VMCA2024, VMCE2023, VMCE2024-SP,CKA, LFCS
    Geoff Burke
    Forum|alt.badge.img+22
    • Geoff Burke
    • Veeam Vanguard
    • May 18, 2026

     

    VMCA2024, VMCE2023, VMCE2024-SP,CKA, LFCS
    leaha
    Forum|alt.badge.img+3
    • leaha
    • Author
    • Veeam Vanguard
    • May 18, 2026

    Hi Geoff

    Thanks for the reply, I hadnt seen that, I’ll have a look through it tomorrow and see if I can set that up and if it helps - Still getting to grips with K8S, dear lord its not simple haha

    Much appreciated <3

    Munk
    Forum|alt.badge.img
    • Munk
    • New Here
    • Answer
    • May 19, 2026

    In 8.5.7, we added a new feature that now needs https by default. This should resolve your problem https://docs.kasten.io/latest/releasenotes#upgrade-notes-1

    leaha
    Forum|alt.badge.img+3
    • leaha
    • Author
    • Veeam Vanguard
    • May 19, 2026

    In 8.5.7, we added a new feature that now needs https by default. This should resolve your problem https://docs.kasten.io/latest/releasenotes#upgrade-notes-1

    That definitely also looks important

    I’ll see if I can figure out how to set it up with a self signed certificate and use HTTPS, rather than HTTP if I can, I suck with SSL haha

    Thank you

    leaha
    Forum|alt.badge.img+3
    • leaha
    • Author
    • Veeam Vanguard
    • May 19, 2026

    As ​@Munk pointed out the TLS change in 8.5.7 was the issue here

    I created a self signed certificate, added that as a secret into the K8S cluster and added this flag, the last one, to the heml install which changed the deployment to HTTPS, and allowed me in

    helm install k10 kasten/k10 --namespace=kasten-io \
      --set secrets.vsphereUsername=<vsphere-username> \
      --set secrets.vspherePassword='<password>' \
      --set secrets.vsphereEndpoint=<vsphere-fqdn> \
      --set auth.tokenAuth.enabled=true \
      --set externalGateway.create=true \
      --set externalGateway.create=true \
      --set secrets.tlsSecret=kasten-tls

    I’ll be doing a full write up guide on deploying Kasten on VMware/VCF so documentation on this will be coming

    Terms & ConditionsAccessibility statement