Kubernetes : Failed to retrieve auth configuration for ingress
I have a new kubernetes cluster, I installed Traefik v1.7.6 on it and enabled Traefik dashboard which is working fine.
Now I want to add basic auth on the ingress service of traefik dashboard, I followed docs :
- created a secret called
auth-traefik
from htpasswd generated file in same namespace as Traefik
added following annotations to ingress dashboard:
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/auth-secret: auth-traefik
traefik.ingress.kubernetes.io/auth-type: basic
I can't access the dashboard anymore and got the following page: 502 Bad Gateway nginx/1.13.12
I restarted traefik pod and there is the following log :
*{"level":"error","msg":"Failed to retrieve auth configuration for ingress kube-system/traefik-dashboard: failed to load auth credentials: secret "kube-system"/"auth-traefik" not found","time":"2018-12-26T23:45:59Z"}*
More details: Ubuntu 18.04 running on a x64 Scaleway server. I tried a regular & MicroK8s installation, both have the same issue (I'm going on with the MicroK8s one, for now).
Traefik was installed through the latest Helm package (with default values, I only enabled the dashboard)
kubernetes basic-authentication traefik
add a comment |
I have a new kubernetes cluster, I installed Traefik v1.7.6 on it and enabled Traefik dashboard which is working fine.
Now I want to add basic auth on the ingress service of traefik dashboard, I followed docs :
- created a secret called
auth-traefik
from htpasswd generated file in same namespace as Traefik
added following annotations to ingress dashboard:
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/auth-secret: auth-traefik
traefik.ingress.kubernetes.io/auth-type: basic
I can't access the dashboard anymore and got the following page: 502 Bad Gateway nginx/1.13.12
I restarted traefik pod and there is the following log :
*{"level":"error","msg":"Failed to retrieve auth configuration for ingress kube-system/traefik-dashboard: failed to load auth credentials: secret "kube-system"/"auth-traefik" not found","time":"2018-12-26T23:45:59Z"}*
More details: Ubuntu 18.04 running on a x64 Scaleway server. I tried a regular & MicroK8s installation, both have the same issue (I'm going on with the MicroK8s one, for now).
Traefik was installed through the latest Helm package (with default values, I only enabled the dashboard)
kubernetes basic-authentication traefik
How and where have you created your cluster. Provide more details
– VKR
yesterday
add a comment |
I have a new kubernetes cluster, I installed Traefik v1.7.6 on it and enabled Traefik dashboard which is working fine.
Now I want to add basic auth on the ingress service of traefik dashboard, I followed docs :
- created a secret called
auth-traefik
from htpasswd generated file in same namespace as Traefik
added following annotations to ingress dashboard:
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/auth-secret: auth-traefik
traefik.ingress.kubernetes.io/auth-type: basic
I can't access the dashboard anymore and got the following page: 502 Bad Gateway nginx/1.13.12
I restarted traefik pod and there is the following log :
*{"level":"error","msg":"Failed to retrieve auth configuration for ingress kube-system/traefik-dashboard: failed to load auth credentials: secret "kube-system"/"auth-traefik" not found","time":"2018-12-26T23:45:59Z"}*
More details: Ubuntu 18.04 running on a x64 Scaleway server. I tried a regular & MicroK8s installation, both have the same issue (I'm going on with the MicroK8s one, for now).
Traefik was installed through the latest Helm package (with default values, I only enabled the dashboard)
kubernetes basic-authentication traefik
I have a new kubernetes cluster, I installed Traefik v1.7.6 on it and enabled Traefik dashboard which is working fine.
Now I want to add basic auth on the ingress service of traefik dashboard, I followed docs :
- created a secret called
auth-traefik
from htpasswd generated file in same namespace as Traefik
added following annotations to ingress dashboard:
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/auth-secret: auth-traefik
traefik.ingress.kubernetes.io/auth-type: basic
I can't access the dashboard anymore and got the following page: 502 Bad Gateway nginx/1.13.12
I restarted traefik pod and there is the following log :
*{"level":"error","msg":"Failed to retrieve auth configuration for ingress kube-system/traefik-dashboard: failed to load auth credentials: secret "kube-system"/"auth-traefik" not found","time":"2018-12-26T23:45:59Z"}*
More details: Ubuntu 18.04 running on a x64 Scaleway server. I tried a regular & MicroK8s installation, both have the same issue (I'm going on with the MicroK8s one, for now).
Traefik was installed through the latest Helm package (with default values, I only enabled the dashboard)
kubernetes basic-authentication traefik
kubernetes basic-authentication traefik
edited yesterday
Rico
26.1k94864
26.1k94864
asked 2 days ago
MrLuje
263211
263211
How and where have you created your cluster. Provide more details
– VKR
yesterday
add a comment |
How and where have you created your cluster. Provide more details
– VKR
yesterday
How and where have you created your cluster. Provide more details
– VKR
yesterday
How and where have you created your cluster. Provide more details
– VKR
yesterday
add a comment |
1 Answer
1
active
oldest
votes
Looks like you might have created the auth-traefik
Kubernetes secret on a different namespace from kube-system
where it's looking for it. (Looks like the Ingress
is defined in the kube-system
namespace).
You can check with:
$ kubectl -n kube-system get secret auth-traefik -o=yaml
If it's not there (is it in a different namespace? monitoring? default?), then you can create it:
$ kubectl create secret generic auth-traefik --from-file auth --namespace=kube-system
Or the ServiceAccount that your Traefik pod is using doesn't have RBAC access to the Secrets resource in the `kube-system namespace.
It's in the correct namespace apiVersion: v1 data: traefik.auth: //EDITED// kind: Secret metadata: creationTimestamp: "2018-12-26T18:18:45Z" name: auth-traefik namespace: kube-system resourceVersion: "13753" selfLink: /api/v1/namespaces/kube-system/secrets/auth-traefik uid: aeae9e53-093a-11e9-aed6-de1a3c202010
– MrLuje
yesterday
ok, it could be RBAC, added more to the answer
– Rico
yesterday
add a comment |
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53938418%2fkubernetes-failed-to-retrieve-auth-configuration-for-ingress%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
Looks like you might have created the auth-traefik
Kubernetes secret on a different namespace from kube-system
where it's looking for it. (Looks like the Ingress
is defined in the kube-system
namespace).
You can check with:
$ kubectl -n kube-system get secret auth-traefik -o=yaml
If it's not there (is it in a different namespace? monitoring? default?), then you can create it:
$ kubectl create secret generic auth-traefik --from-file auth --namespace=kube-system
Or the ServiceAccount that your Traefik pod is using doesn't have RBAC access to the Secrets resource in the `kube-system namespace.
It's in the correct namespace apiVersion: v1 data: traefik.auth: //EDITED// kind: Secret metadata: creationTimestamp: "2018-12-26T18:18:45Z" name: auth-traefik namespace: kube-system resourceVersion: "13753" selfLink: /api/v1/namespaces/kube-system/secrets/auth-traefik uid: aeae9e53-093a-11e9-aed6-de1a3c202010
– MrLuje
yesterday
ok, it could be RBAC, added more to the answer
– Rico
yesterday
add a comment |
Looks like you might have created the auth-traefik
Kubernetes secret on a different namespace from kube-system
where it's looking for it. (Looks like the Ingress
is defined in the kube-system
namespace).
You can check with:
$ kubectl -n kube-system get secret auth-traefik -o=yaml
If it's not there (is it in a different namespace? monitoring? default?), then you can create it:
$ kubectl create secret generic auth-traefik --from-file auth --namespace=kube-system
Or the ServiceAccount that your Traefik pod is using doesn't have RBAC access to the Secrets resource in the `kube-system namespace.
It's in the correct namespace apiVersion: v1 data: traefik.auth: //EDITED// kind: Secret metadata: creationTimestamp: "2018-12-26T18:18:45Z" name: auth-traefik namespace: kube-system resourceVersion: "13753" selfLink: /api/v1/namespaces/kube-system/secrets/auth-traefik uid: aeae9e53-093a-11e9-aed6-de1a3c202010
– MrLuje
yesterday
ok, it could be RBAC, added more to the answer
– Rico
yesterday
add a comment |
Looks like you might have created the auth-traefik
Kubernetes secret on a different namespace from kube-system
where it's looking for it. (Looks like the Ingress
is defined in the kube-system
namespace).
You can check with:
$ kubectl -n kube-system get secret auth-traefik -o=yaml
If it's not there (is it in a different namespace? monitoring? default?), then you can create it:
$ kubectl create secret generic auth-traefik --from-file auth --namespace=kube-system
Or the ServiceAccount that your Traefik pod is using doesn't have RBAC access to the Secrets resource in the `kube-system namespace.
Looks like you might have created the auth-traefik
Kubernetes secret on a different namespace from kube-system
where it's looking for it. (Looks like the Ingress
is defined in the kube-system
namespace).
You can check with:
$ kubectl -n kube-system get secret auth-traefik -o=yaml
If it's not there (is it in a different namespace? monitoring? default?), then you can create it:
$ kubectl create secret generic auth-traefik --from-file auth --namespace=kube-system
Or the ServiceAccount that your Traefik pod is using doesn't have RBAC access to the Secrets resource in the `kube-system namespace.
edited yesterday
answered yesterday
Rico
26.1k94864
26.1k94864
It's in the correct namespace apiVersion: v1 data: traefik.auth: //EDITED// kind: Secret metadata: creationTimestamp: "2018-12-26T18:18:45Z" name: auth-traefik namespace: kube-system resourceVersion: "13753" selfLink: /api/v1/namespaces/kube-system/secrets/auth-traefik uid: aeae9e53-093a-11e9-aed6-de1a3c202010
– MrLuje
yesterday
ok, it could be RBAC, added more to the answer
– Rico
yesterday
add a comment |
It's in the correct namespace apiVersion: v1 data: traefik.auth: //EDITED// kind: Secret metadata: creationTimestamp: "2018-12-26T18:18:45Z" name: auth-traefik namespace: kube-system resourceVersion: "13753" selfLink: /api/v1/namespaces/kube-system/secrets/auth-traefik uid: aeae9e53-093a-11e9-aed6-de1a3c202010
– MrLuje
yesterday
ok, it could be RBAC, added more to the answer
– Rico
yesterday
It's in the correct namespace apiVersion: v1 data: traefik.auth: //EDITED// kind: Secret metadata: creationTimestamp: "2018-12-26T18:18:45Z" name: auth-traefik namespace: kube-system resourceVersion: "13753" selfLink: /api/v1/namespaces/kube-system/secrets/auth-traefik uid: aeae9e53-093a-11e9-aed6-de1a3c202010
– MrLuje
yesterday
It's in the correct namespace apiVersion: v1 data: traefik.auth: //EDITED// kind: Secret metadata: creationTimestamp: "2018-12-26T18:18:45Z" name: auth-traefik namespace: kube-system resourceVersion: "13753" selfLink: /api/v1/namespaces/kube-system/secrets/auth-traefik uid: aeae9e53-093a-11e9-aed6-de1a3c202010
– MrLuje
yesterday
ok, it could be RBAC, added more to the answer
– Rico
yesterday
ok, it could be RBAC, added more to the answer
– Rico
yesterday
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53938418%2fkubernetes-failed-to-retrieve-auth-configuration-for-ingress%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
How and where have you created your cluster. Provide more details
– VKR
yesterday