Skip to main content

Hello,

I have an issue with my Kasten Multi-Cluster setup recently. When I try to add a secondary cluster, I have this error message :

 

ERROR: API server connection failed (cluster_name: lab)
  -> ServiceAccount credentials appear to be invalid
    -> the server has asked for the client to provide credentials (post selfsubjectaccessreviews.authorization.k8s.io)

 

 

I able to see the cluster in the multi-cluster interface but the secondary cluster is in error 500

 

 

I checked logs in pod logging-svc and I noted this line :

 

{"File"=>"kasten.io/k10/kio/multicluster/multicluster_proxy.go", "Function"=>"kasten.io/k10/kio/multicluster.serveHTTPHelper", "Level"=>"error", "Line"=>120, "Message"=>"Could not authenticate request for secondary cluster", "Time"=>"2023-11-13T10:52:24.666972037Z", "clusterName"=>"lab", "cluster_name"=>"0567e4fd-4c4f-45df-ac5c-b18b6abf9385", "error"=>{"message"=>"Cluster ID not found", "function"=>"kasten.io/k10/kio/multicluster.AuthenticateRequestForCluster", "linenumber"=>204, "file"=>"kasten.io/k10/kio/multicluster/multicluster_proxy.go:204"}, "hostname"=>"dashboardbff-svc-5c678cc6c6-bgx97", "version"=>"6.0.9"}

 

Thanks in advance for your help

My bad, I used a wrong context kubeconfig which returned an error when it use the serviceaccount of the k10 primary cluster.

I used this kind of command to reproduce the “selfsubjectaccessreviews.authorization.k8s.io”

kubectl auth can-i list pods    --namespace kasten-io   --as system:serviceaccount:kasten-io:k3s-ha-cluster-mc-sa

I hope this helps others


Comment