Kubernetes Dashboard Bearer Token Authentication Not Working

[nnzv]

What Happened?

I'm unable to get the Kubernetes dashboard to work with bearer token authentication. Despite accessing the URL, I'm unable to use the bearer token for authentication. Are there any additional steps required to enable this functionality? I'm primarily experimenting with security concepts in Kubernetes and wish to authenticate to the dashboard using bearer tokens.

Here are the steps to reproduce:

1. Start Minikube with Docker as the driver, Calico as the CNI plugin, and Kubernetes version 1.29.0:

minikube start --driver=docker --cni calico --kubernetes-version=1.29.0

2. Enable the dashboard addon:

minikube addon enable dashboard

3. Access the dashboard:

minikube dashboard

Despite following these steps, bearer token authentication doesn't seem to work. I've attempted to modify the deployment by removing the --enable-skip-login and --disable-settings-authorizer arguments from the Kubernetes dashboard image's entrypoint, but the issue persists.

Attach the log file

log.txt

Operating System

NAME=Gentoo
ID=gentoo
PRETTY_NAME="Gentoo Linux"
ANSI_COLOR="1;32"
HOME_URL="https://www.gentoo.org/"
SUPPORT_URL="https://www.gentoo.org/support/"
BUG_REPORT_URL="https://bugs.gentoo.org/"
VERSION_ID="2.15"

Driver

Client:
 Version:           25.0.4
 API version:       1.44
 Go version:        go1.22.1
 Git commit:        1a576c50a9
 Built:             Tue Mar 26 22:28:11 2024
 OS/Arch:           linux/amd64
 Context:           default

Server:
 Engine:
  Version:          25.0.4
  API version:      1.44 (minimum version 1.24)
  Go version:       go1.22.1
  Git commit:       061aa95809be396a6b5542618d8a34b02a21ff77
  Built:            Wed Mar 27 07:09:30 2024
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          v1.7.14
  GitCommit:        dcf2847247e18caba8dce86522029642f60fe96b
 runc:
  Version:          1.1.12
  GitCommit:        51d5e94601ceffbbd85688df1c928ecccbfa4685
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad007797e0dcd8b7126f27bb87401d224240

[nnzv]

CC: @pacoxu, @lingsamuel, @afbjorklund, @r2d4, @rf232

[afbjorklund]

Probably more a question for kubernetes dashboard, by default minikube uses kubectl proxy to access it.

But the usual upstream (now) is something like: kubectl -n kubernetes-dashboard create token admin-user

[nnzv]

When I try to access the URL, I expect the Kubernetes dashboard to prompt me for authentication, like a bearer token or kubeconfig. But that's not happening. Is there something specific I should consider? I'm thinking it might be an issue with the addon. The YAML files in the project haven't been updated for a long time: https://github.com/kubernetes/minikube/tree/4f95ed218d40714374dc7652227fe08d54120b23/deploy/addons/dashboard

[nnzv]

By the way, do you know if Minikube supports Helm? I tried installing the Kubernetes dashboard using this tool, but the Kong pod keeps crashing.

[nnzv]

Found a workaround on this kubernetes/dashboard#8765 (comment). Installing the dashboard via helm seems to fix the issue. Nonetheless, I propose suggesting to maintainers the implementation of an official solution. Most users would probably prefer having this security feature readily accessible.

/close

[k8s-ci-robot]

@nnzv: Closing this issue.

In response to this:

Found a workaround on this kubernetes/dashboard#8765 (comment). Installing the dashboard via helm seems to fix the issue. Nonetheless, I propose suggesting to maintainers the implementation of an official solution. Most users would probably prefer having this security feature readily accessible.

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.