Skip to main content
Solved

unable to access k10 dashboard

T

Hi,

I have deployed kasten10 on OpenShift 4.14 as an operator. After that I created a k10 instance by following the guideline here https://docs.kasten.io/latest/access/authentication.html#openshift-authentication still not able to access

 

I run the k10tools debug i got the following error

 

Verify OpenShift OAuth Server Connection:
  Openshift URL - https://api.test.abc.com:6443/.well-known/oauth-authorization-server
  Trying to connect to Openshift without TLS (insecureSkipVerify=false)
  Connection failed, testing other options
  Trying to connect to Openshift with TLS but verification disabled (insecureSkipVerify=true)
  Connection succeeded  -  OK

Verify OpenShift Service Account Token:
  Initiating token verification
  Fetched ConfigMap - k10-dex
  Service Account for OpenShift authentication - k10-dex-sa
  Service account reference secret - k10-dex-sa retrieved
  Token retrieved from Service Account secrets
  Token retrieved from ConfigMap
   ({"message":"Token belonging to service account in auth.openshift.serviceAccount k10-dex-sa does not match the token in the helm value auth.openshift.clientSecret\n","function":"kasten.io/k10/kio/tools/k10primer/k10debugger.(*OpenshiftDebugger).verifyToken","linenumber":179,"file":"kasten.io/k10/kio/tools/k10primer/k10debugger/openshift_debugger.go:179"})  -  Error

Get Service Account Error Events:
  Searching for events with error in Service Account - k10-dex-sa
  No error event found in service account - k10-dex-sa  -  OK
 

Best answer by terrencejun321

Hi,

 

Thanks for your advice, i manage to sort it out by using the k10 tools here for missing param and right token

View original
    Did this topic help you find an answer to your question?

    3 comments

    Hagag
    Forum|alt.badge.img+2
    • Hagag
    • Experienced User
    • 154 comments
    • April 2, 2024

    @terrencejun321 
    According to the error message, the token extracted by k10tool for validation does not match the one you've created. Could you please provide details on how you obtained the clientSecret token, the YAML file for the service account k10-dex-sa, and the list of secrets?

    Thanks
    Ahmed Hagag

    Chris.Childerhose
    1 person likes this
    • Chris.Childerhose
      Chris.Childerhose
    T
    • terrencejun321
    • Author
    • Not a newbie anymore
    • 2 comments
    • April 2, 2024
    Hagag wrote:

    @terrencejun321 
    According to the error message, the token extracted by k10tool for validation does not match the one you've created. Could you please provide details on how you obtained the clientSecret token, the YAML file for the service account k10-dex-sa, and the list of secrets?

    Thanks
    Ahmed Hagag

    Hi,

     

    I didn’t create the clientSecret token and i follow the steps here  - https://docs.kasten.io/latest/access/authentication.html#openshift-authentication

    it stated “After the Service Account creation, K10 automatically generates the corresponding client secret required to establish connection to the OpenShift OAuth server.” if create

     

    Below is the yaml of the service account and list of secrets

    ================
    k10-dex-sa YAML
    ================

    apiVersion: v1
    imagePullSecrets:
    - name: k10-dex-sa-dockercfg-srxjm
    kind: ServiceAccount
    metadata:
      annotations:
        serviceaccounts.openshift.io/oauth-redirecturi.dex: https://k10-route-kasten-io.apps.test.abc.com/k10/dex/callback
      creationTimestamp: "2024-04-02T05:01:08Z"
      name: k10-dex-sa
      namespace: kasten-io
      resourceVersion: "22496648"
      uid: 7538c09f-89dd-4d80-a96f-aa7f710f128a
    secrets:
    - name: k10-dex-sa-dockercfg-srxjm


    ================
    list of secrets
    ================
    NAME                                                          TYPE                                  DATA   AGE
    builder-dockercfg-zwf82                                       kubernetes.io/dockercfg               1      11h
    builder-token-48g4m                                           kubernetes.io/service-account-token   4      11h
    default-dockercfg-nrb7m                                       kubernetes.io/dockercfg               1      11h
    default-token-vr7jh                                           kubernetes.io/service-account-token   4      11h
    deployer-dockercfg-lh29t                                      kubernetes.io/dockercfg               1      11h
    deployer-token-ggg84                                          kubernetes.io/service-account-token   4      11h
    k10-cluster-passphrase                                        Opaque                                1      8h
    k10-dex-sa                                                    kubernetes.io/service-account-token   4      3h26m
    k10-dex-sa-dockercfg-srxjm                                    kubernetes.io/dockercfg               1      7h32m
    k10-dex-sa-token-mttfc                                        kubernetes.io/service-account-token   4      7h32m
    k10-grafana                                                   Opaque                                3      3h17m
    k10-grafana-dockercfg-gfl9z                                   kubernetes.io/dockercfg               1      3h17m
    k10-grafana-token-hvt9s                                       kubernetes.io/service-account-token   4      3h17m
    k10-k10-dockercfg-5frrr                                       kubernetes.io/dockercfg               1      3h17m
    k10-k10-token-hx2rw                                           kubernetes.io/service-account-token   4      3h17m
    k10-kasten-operator-rhmp-controller-manager-dockercfg-7blsm   kubernetes.io/dockercfg               1      11h
    k10-kasten-operator-rhmp-controller-manager-token-k4sfh       kubernetes.io/service-account-token   4      11h
    k10-license                                                   Opaque                                1      3h17m
    k10-oidc-auth                                                 Opaque                                11     3h17m
    k10-trial-license                                             Opaque                                1      3h17m
    kopia-tls-cert                                                Opaque                                1      3h17m
    kopia-tls-key                                                 Opaque                                1      3h17m
    prometheus-server-dockercfg-p4x64                             kubernetes.io/dockercfg               1      3h17m
    prometheus-server-token-zs5wz                                 kubernetes.io/service-account-token   4      3h17m
    sh.helm.release.v1.k10.v716                                   helm.sh/release.v1                    1      15s
     

     

    Chris.Childerhose
    1 person likes this
    • Chris.Childerhose
      Chris.Childerhose
    Madi.Cristil
    Forum|alt.badge.img+8
    • Madi.Cristil
    • Community Manager
    • 617 comments
    • April 9, 2024

    @Hagag 

    Madi Cristil
    T
    • terrencejun321
    • Author
    • Not a newbie anymore
    • 2 comments
    • Answer
    • April 17, 2024

    Hi,

     

    Thanks for your advice, i manage to sort it out by using the k10 tools here for missing param and right token

    Comment


    Terms & Conditions