Error 500: The server asked for credentials

[Smana]

Hello,

I'm trying to test the dashboard but i get the following errors and i can't access to the UI

2016/02/14 15:46:15 Getting list of all replication controllers in the cluster
2016/02/14 15:46:15 the server has asked for the client to provide credentials (get replicationControllers)
2016/02/14 15:46:15 Outcoming response to 62.210.220.xx:56978 with 500 status code

Could you please guide me to solve this issue ?

Regards,
Smana

[bryk]

How did you start the UI and Kubernetes cluster? What is your Kubernetes version?

[Smana]

Hi @bryk

I've just run kubectl create -f src/deploy/kubernetes-dashboard.yaml
I'm running kubernetes version 1.1.4

Thank you,

[bryk]

Looks like a problem with credentials. Is your apiserver protected by some security mechanisms?

cc @floreks @maciaszczykm @cheld Have you ever seen this problem?

[Smana]

The apiserver, just listens on https with basic authentication.

[theobolo]

Hello guys i've got the same problem here.
I use a Azure Kubernetes cluster deployed with the getting-started guide (Azure, CoreOS, Kube, Weave).
I use the 1.1.7 Kubernetes Version.

I run the same command as @Smana : kubectl create -f src/deploy/kubernetes-dashboard.yaml

But Heapster need the CA.cert that should be inside the serviceaccount folder.
Problem, in the azure cloud config the CA.cert is not implemented in the kube-controller service.

So do you have some instructions to implement the CA.cert in the coreos cloud config ?
Or something else ?

Thanks

[Smana]

let me know if you need further info :)

[bryk]

@theobolo @Smana I've just pushed new testing image of the Dashboard UI. It includes certificates setup:

RUN apk --update add ca-certificates
RUN for cert in `ls -1 /etc/ssl/certs/*.crt | grep -v /etc/ssl/certs/ca-certificates.crt`; do cat "$cert" >> /etc/ssl/certs/ca-certificates.crt; done

Can you delete old Dashboard replication controller and recreate it? Please tell me whether this helps.

[Smana]

@bryk thank you, unfortunately i still get the same error:

2016/02/15 13:27:59 Incoming HTTP/1.1 GET /api/v1/replicationcontrollers request from 62.210.220.66:47908
2016/02/15 13:27:59 Getting list of all replication controllers in the cluster
2016/02/15 13:27:59 the server has asked for the client to provide credentials (get replicationControllers)
2016/02/15 13:27:59 Outcoming response to 62.210.220.xx:47908 with 500 status code

[Smana]

My apiserver is reachable with the following command, i don't know if that can help
curl --cacert /etc/kubernetes/ssl/ca.pem -u kube:xxxxxxxxxxx https://62.210.220.xx:8443

[floreks]

@Smana

Maybe our backend is connecting to master at different port where only basic authentication is available.

This looks like a similar issue:
kubernetes/kubernetes#7622 (comment)

@bryk what do you think? Is this even possible for in-cluster configuration?

[cheld]

Dashboard relies on serviceaccount for the authentication to the api server.

[theobolo]

@bryk Even with the new image i've got an error

Get https://10.16.0.1:443/api/v1/replicationcontrollers: read tcp 172.17.0.3:45116->10.16.0.1:443: read: connection reset by peer

In my kubernetes cluster the Kube API is available at 172.18.0.12:8080 or 172.18.0.12:8443 but if i try a curl at

http://10.16.0.1:80 or https://10.16.0.1:443 nothing happens.

And i still have the ca.cert error :/

to be clear : i'm running on CoreOS and in my cloud config the root-ca-cert option is not defined and the ca.cert is not created during the deployement. That's should be the problem no ?

[Smana]

Hello, any news on this please ?