kubernetes, azure-active-directory, kubectl, azure-aks, kubernetes-dashboard

MSG_LOGIN_UNAUTHORIZED_ERROR while kubernetes dashboard


I deployed the Kubernetes dashboard in an Azure Kubernetes cluster with the following command:

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.2.0/aio/deploy/recommended.yaml

I applied a ClusterRole and ClusterRoleBinding to the same cluster for my Azure AD object.

ClusterRole.yml

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: admin-user-testing
rules:
  - apiGroups:
      ["*"]
    resources: ["*"]
    verbs: ["*"]

ClusterRoleBinding.yaml

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user-testing
subjects:
- kind: User
  name: <azure user object id>
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: admin-user-testing
  apiGroup: rbac.authorization.k8s.io

To log in to the dashboard, I generate the token with the following command:

kubelogin get-token --login azurecli --server-id xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx

The output contains a token property:

{"kind":"ExecCredential","apiVersion":"client.authentication.k8s.io/v1beta1","spec":{"interactive":false},"status":{"expirationTimestamp":"2023-05-25T15:00:16Z","token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ii1LSTNROW5OUjdiUm9meG1lWmxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxcWJIWkdldyJ9.eyJhdWQiOiI2ZGFlNDJmOC00MzY4LTQ2NzgtOTRmZi0zOTYwZTI4ZTM2MzAiLCJpc3MiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC9jODk1Y2E0ZS02NTg0xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxLCJuYmYiOjE2ODUwMjI2ODYsImV4cCI6MTY4NTAyNjgxNiwiYWNyIjoiMSIsImFpbyI6IkFaUUFhLzhUQUFBQW1OL09tTjU5dzhWOU9RczMwOU94dTJBQzNsaGw3aGR0OVE0MjRrYXh4TVJxaGhKajFKcWwvNWpScVI3VUw1TmJFYVUyOCswZjc5N1hUazRwNG5EbGVtWStuZGZsTmNzSkhSMW5jNGJuUmlQZGJiYWlIVWtSRkE3QWxwT0ZJS0w1NTltd1l4b3J1QlFCZ0l2R0czOEI4dnlrQWZic2ZXZS9yNGZBdzIyRTBnRCtIc20vVmtTYXh4am0yK1JIc0V5YiIsImFsdHNlY2lkIjoiNTo6MTAwMzIwMDFFQzhBMjBDNiIsImFtciI6WyJwd2QiXSwiYXBwaWQiOiIwNGIwNzc5NS04ZGRiLTQ2MWEtYmJlZS0wMmY5ZTFiZjdiNDYiLCJhcHBpZGFjciI6IjAiLCJlbWFpbCI6ImJhdGNodS5zYWlha2hpbEBjaXRyaXguY29tIiwiZmFtaWx5X25hbWUiOiJCYXRjaHUiLCJnaXZlbl9uYW1lIjoiU2FpIEFraGlsIiwiZ3JvdXBzIjpbIjZjMmRkMTA4LTdlYzUtNGU3NC05M2M1LWM1MTJmMmYzOWFhYiIsImUyMTBiZTM0LTI2ZGUtNDg5ZS04OThmLTFlYTc4Y2M0YTgwMiIsIjBjY2NmMjU2LTRjYWEtNDdjYS04NDBmLWVmNTliMjc0ZDU3NiIsImY0NzU2MDc3LWI1NWMtNDhhMy05YWFkLWQyZGI0YWJjNGMwZiIsIjZkMzVmMjk3LTRmMzUtNDJlNi04NWE4LTg1NDgzNTdmZWYxNiIsIjJhYzk1Y2EyLTEyZWYtNDg3Ny1hNzYxLTliNzhhYmQ2YWQ5OSIsIjk0OTBjNmE4LWRjYTItNGEwNy1hOTA0LTBiYjQ0MGQyMDEyNSIsImI2ZDdjYmI1LTVkZWEtNDdlOC1hYjJiLWE0Zjg0NTAzMDA3OSIsIjAzMTY2MGMxLWZjNTQtNDk3Yi05MzU3LThkMmJhMThjNmQ5YSIsIjI3ODFlM2NmLTMzMTUtNDlmOC1iYjdjLWEyNWU5NGZmZGYzOSIsImI0MzJhNWVlLTUzNzQtNGZlMy05NjYwLWFmOWZjOWE3NDk3NyIsIjE4NTUwOGYzLTIzYTMtNDAzOC05MzNmLThhNzMyYWYxYWQyYiJdLCJpZHAiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC8zMzU4MzZkZS00MmVmLTQzYTItYjE0NS0zNDhjMmVlOWNhNWIvIiwiaXBhZGRyIjoiMTE2Ljc1Ljk3LjE5MyIsIm5hbWUiOiJCYXRjaHUgU2FpIEFraGlsIiwib2lkIjoiM2QxNTJlN2YtNDQ1Mi00MTNiLWI2YTMtMzE5MjRjNzc3YWNmIiwicHVpZCI6IjEwMDMyMDAxRUZCQkU4QzUiLCJyaCI6IjAuQVxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxM2hHbFA4NVlPS09OakFZQURnLiIsInNjcCI6InVzZXJfaW1wZXJzb25hdGlvbiIsInN1YiI6Ilo1YVh0dm1ndnB6ZTIwdDI0Y1Z4bVprTi1CaDlWc3ZkY04wS2MxdmdqVzgiLCJ0aWQiOiJjODk1Y2E0ZS02NTg0LTQ5ZGUtOTVkNS1lMGVjNGRkNDVlZTEiLCJ1bmlxdWVfbmFtZSI6ImJhdGNodS5zYWlha2hpbEBjaXRyaXguY29tIiwidXRpIjoiYnY2ZEVqVk5ERWlJdUg2ckxiRndBQSIsInZlciI6IjEuMCIsIndpZHMiOlsiZmU5MzBiZTctNWU2Mi00N2RiLTkxYWYtOThjM2E0OWEzOGIxIiwiMTNiZDFjNzItNmY0YS00ZGNmLTk4NWYtMThkM2I4MGYyMDhhIl19.YHv6LgS0CEBUIVEXMSYUMTgPp4Y9BnYWO0oazmxeY4shakf_VCvq9HA-ZNir1JcpgZfKaZPLpaM1bkAvsmgWqS9Fa-EXxRgEhgOavC6_BowdWlaot25xTYOpOD4sUe9mZ2GBvUOC8jNW3Juqple927C9TIUD03bbjkEkuHsi0Wxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"}}

After executing kubectl proxy and logging in with the token, the Sign In button does not respond.

The network tab shows the following error:

{
 "status": 401,
 "plugins": [],
 "errors": [
  {
   "ErrStatus": {
    "metadata": {},
    "status": "Failure",
    "message": "MSG_LOGIN_UNAUTHORIZED_ERROR",
    "reason": "Unauthorized",
    "code": 401
   }
  }
 ]
}


I have tried multiple solutions, but none of them have worked. Please help me resolve this error. Thank you in advance.


Solution

  • The token is probably simply too big to be handled as an auth header. Request headers have a max size of 4096 KB (depends on the browser and/or proxy implementation) - link

    Allow logging in when a very long token is provided (i.e. Azure with groups, etc.) - link to GitHub Repo of Kubernetes dashboard with Feature request where you can see this
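
A diagnostic for the size explanation in the answer above, as an added example that is not part of the original post or of the dashboard project: it takes the ExecCredential JSON that kubelogin prints, measures the Authorization header the token would produce, and counts the groups claim that inflates it. The function names, the 4096-byte default for header_limit and the sample credentials are assumptions constructed for illustration; the signature is not verified.

```python
import base64
import json
import time

def b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def inspect_exec_credential(raw, header_limit=4096, now=None):
    """Report size and key claims of the token in a kubelogin ExecCredential.

    header_limit is an assumed per-header byte budget; the real limit depends
    on the browser and proxy in front of the dashboard.
    The signature is NOT verified: this is a diagnostic, not an auth check.
    """
    token = json.loads(raw)["status"]["token"]
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("token is not a three-part JWT")
    claims = b64url_json(parts[1])
    header_bytes = len(("Authorization: Bearer " + token).encode("ascii"))
    now = time.time() if now is None else now
    return {
        "token_bytes": len(token),
        "header_bytes": header_bytes,
        "over_limit": header_bytes > header_limit,
        "groups": len(claims.get("groups", [])),
        "expired": claims.get("exp", 0) <= now,
        "audience": claims.get("aud"),
    }

def make_sample(n_groups):
    """Build a constructed (fake, unsigned) ExecCredential for the demo."""
    def enc(obj):
        data = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
    groups = ["00000000-0000-0000-0000-%012d" % i for i in range(n_groups)]
    claims = {"aud": "constructed-server-id", "exp": 2000000000,
              "groups": groups}
    token = ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "c2ln"])
    return json.dumps({"kind": "ExecCredential", "status": {"token": token}})

if __name__ == "__main__":
    for n in (12, 150):  # few groups vs. many groups
        print(n, inspect_exec_credential(make_sample(n), now=1700000000))
```

To check a real credential, pass the JSON printed by the kubelogin command to inspect_exec_credential on the machine where it was issued, and treat that output as a secret.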