
Hi,

I have deployed kasten10 on OpenShift 4.14 as an operator. After that, I created a k10 instance by following the guideline here https://docs.kasten.io/latest/access/authentication.html#openshift-authentication but I am still not able to access it.

 

I ran the k10tools debug and I got the following error:

 

Verify OpenShift OAuth Server Connection:
  Openshift URL - https://api.test.abc.com:6443/.well-known/oauth-authorization-server
  Trying to connect to Openshift without TLS (insecureSkipVerify=false)
  Connection failed, testing other options
  Trying to connect to Openshift with TLS but verification disabled (insecureSkipVerify=true)
  Connection succeeded  -  OK

Verify OpenShift Service Account Token:
  Initiating token verification
  Fetched ConfigMap - k10-dex
  Service Account for OpenShift authentication - k10-dex-sa
  Service account reference secret - k10-dex-sa retrieved
  Token retrieved from Service Account secrets
  Token retrieved from ConfigMap
   ({"message":"Token belonging to service account in auth.openshift.serviceAccount k10-dex-sa does not match the token in the helm value auth.openshift.clientSecret\n","function":"kasten.io/k10/kio/tools/k10primer/k10debugger.(*OpenshiftDebugger).verifyToken","linenumber":179,"file":"kasten.io/k10/kio/tools/k10primer/k10debugger/openshift_debugger.go:179"})  -  Error

Get Service Account Error Events:
  Searching for events with error in Service Account - k10-dex-sa
  No error event found in service account - k10-dex-sa  -  OK
 

@terrencejun321 
According to the error message, the token extracted by k10tool for validation does not match the one you've created. Could you please provide details on how you obtained the clientSecret token, the YAML file for the service account k10-dex-sa, and the list of secrets?

Thanks
Ahmed Hagag


Hi,

 

I didn’t create the clientSecret token; I followed the steps here - https://docs.kasten.io/latest/access/authentication.html#openshift-authentication

It stated “After the Service Account creation, K10 automatically generates the corresponding client secret required to establish connection to the OpenShift OAuth server.” if create

 

Below are the YAML of the service account and the list of secrets:

================
k10-dex-sa YAML
================

apiVersion: v1
imagePullSecrets:
- name: k10-dex-sa-dockercfg-srxjm
kind: ServiceAccount
metadata:
  annotations:
    serviceaccounts.openshift.io/oauth-redirecturi.dex: https://k10-route-kasten-io.apps.test.abc.com/k10/dex/callback
  creationTimestamp: "2024-04-02T05:01:08Z"
  name: k10-dex-sa
  namespace: kasten-io
  resourceVersion: "22496648"
  uid: 7538c09f-89dd-4d80-a96f-aa7f710f128a
secrets:
- name: k10-dex-sa-dockercfg-srxjm


================
list of secrets
================
NAME                                                          TYPE                                  DATA   AGE
builder-dockercfg-zwf82                                       kubernetes.io/dockercfg               1      11h
builder-token-48g4m                                           kubernetes.io/service-account-token   4      11h
default-dockercfg-nrb7m                                       kubernetes.io/dockercfg               1      11h
default-token-vr7jh                                           kubernetes.io/service-account-token   4      11h
deployer-dockercfg-lh29t                                      kubernetes.io/dockercfg               1      11h
deployer-token-ggg84                                          kubernetes.io/service-account-token   4      11h
k10-cluster-passphrase                                        Opaque                                1      8h
k10-dex-sa                                                    kubernetes.io/service-account-token   4      3h26m
k10-dex-sa-dockercfg-srxjm                                    kubernetes.io/dockercfg               1      7h32m
k10-dex-sa-token-mttfc                                        kubernetes.io/service-account-token   4      7h32m
k10-grafana                                                   Opaque                                3      3h17m
k10-grafana-dockercfg-gfl9z                                   kubernetes.io/dockercfg               1      3h17m
k10-grafana-token-hvt9s                                       kubernetes.io/service-account-token   4      3h17m
k10-k10-dockercfg-5frrr                                       kubernetes.io/dockercfg               1      3h17m
k10-k10-token-hx2rw                                           kubernetes.io/service-account-token   4      3h17m
k10-kasten-operator-rhmp-controller-manager-dockercfg-7blsm   kubernetes.io/dockercfg               1      11h
k10-kasten-operator-rhmp-controller-manager-token-k4sfh       kubernetes.io/service-account-token   4      11h
k10-license                                                   Opaque                                1      3h17m
k10-oidc-auth                                                 Opaque                                11     3h17m
k10-trial-license                                             Opaque                                1      3h17m
kopia-tls-cert                                                Opaque                                1      3h17m
kopia-tls-key                                                 Opaque                                1      3h17m
prometheus-server-dockercfg-p4x64                             kubernetes.io/dockercfg               1      3h17m
prometheus-server-token-zs5wz                                 kubernetes.io/service-account-token   4      3h17m
sh.helm.release.v1.k10.v716                                   helm.sh/release.v1                    1      15s
 

 


@Hagag 


Hi,

 

Thanks for your advice. I managed to sort it out by using the k10 tools here for the missing param and the right token.
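
Added example, not part of the original posts and not Kasten's code: a read-only check for the mismatch k10tools reports in this thread. It compares the value set in auth.openshift.clientSecret with the decoded tokens of the service account's token secrets and reads the unverified JWT claims to see which secret the configured token was issued from. The function names, the sample tokens and the secret name k10-dex-sa-token-old00 are constructed for illustration; the claim names are those carried by secret-based Kubernetes service account tokens.

```python
import base64, hashlib, hmac, json

CLAIM = "kubernetes.io/serviceaccount/"  # claim prefix in secret-based SA tokens

def jwt_claims(token):
    """Decode a JWT payload WITHOUT verifying the signature; {} if not a JWT."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        return {}
    try:
        padded = parts[1] + "=" * (-len(parts[1]) % 4)
        claims = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return {}
    return claims if isinstance(claims, dict) else {}

def fingerprint(token):
    """Short SHA-256 prefix, safe to paste into a ticket instead of the token."""
    return hashlib.sha256(token.strip().encode()).hexdigest()[:12]

def diagnose(client_secret, sa_name, namespace, token_secrets):
    """Compare the configured clientSecret with each decoded SA token secret.
    token_secrets maps secret name -> decoded token string."""
    claims = jwt_claims(client_secret)
    wanted = client_secret.strip().encode()
    matches = sorted(name for name, tok in token_secrets.items()
                     if hmac.compare_digest(tok.strip().encode(), wanted))
    owner = (claims.get(CLAIM + "namespace"), claims.get(CLAIM + "service-account.name"))
    return {
        "fingerprint": fingerprint(client_secret),
        "issued_for": owner,
        "issued_from_secret": claims.get(CLAIM + "secret.name"),
        "matching_secrets": matches,
        "ok": bool(matches) and owner == (namespace, sa_name),
    }

def sample_token(namespace, sa_name, secret_name):
    """Constructed, unsigned stand-in for a real token (sample data only)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip("=")
    payload = {CLAIM + "namespace": namespace, CLAIM + "service-account.name": sa_name,
               CLAIM + "secret.name": secret_name}
    return ".".join([enc({"alg": "RS256"}), enc(payload), "c2ln"])

if __name__ == "__main__":
    secrets = {n: sample_token("kasten-io", "k10-dex-sa", n)
               for n in ("k10-dex-sa", "k10-dex-sa-token-mttfc")}
    stale = sample_token("kasten-io", "k10-dex-sa", "k10-dex-sa-token-old00")
    print(diagnose(stale, "k10-dex-sa", "kasten-io", secrets))
    print(diagnose(secrets["k10-dex-sa"], "k10-dex-sa", "kasten-io", secrets))
```

Feed it decoded tokens (for example the output of `oc get secret <name> -n kasten-io -o jsonpath='{.data.token}' | base64 -d`) and share only the fingerprint when asking for help, never the token itself.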

