Kubernetes : Failed to retrieve auth configuration for ingress












2














I have a new kubernetes cluster, I installed Traefik v1.7.6 on it and enabled Traefik dashboard which is working fine.



Now I want to add basic auth on the ingress service of traefik dashboard, I followed docs :




  • created a secret called auth-traefik from htpasswd generated file in same namespace as Traefik


  • added following annotations to ingress dashboard:



    kubernetes.io/ingress.class: traefik
    traefik.ingress.kubernetes.io/auth-secret: auth-traefik
    traefik.ingress.kubernetes.io/auth-type: basic



I can't access the dashboard anymore and got the following page: 502 Bad Gateway nginx/1.13.12



I restarted traefik pod and there is the following log :



*{"level":"error","msg":"Failed to retrieve auth configuration for ingress kube-system/traefik-dashboard: failed to load auth credentials: secret "kube-system"/"auth-traefik" not found","time":"2018-12-26T23:45:59Z"}*


More details: Ubuntu 18.04 running on a x64 Scaleway server. I tried a regular & MicroK8s installation, both have the same issue (I'm going on with the MicroK8s one, for now).



Traefik was installed through the latest Helm package (with default values, I only enabled the dashboard)










share|improve this question
























  • How and where have you created your cluster. Provide more details
    – VKR
    yesterday
















2














I have a new kubernetes cluster, I installed Traefik v1.7.6 on it and enabled Traefik dashboard which is working fine.



Now I want to add basic auth on the ingress service of traefik dashboard, I followed docs :




  • created a secret called auth-traefik from htpasswd generated file in same namespace as Traefik


  • added following annotations to ingress dashboard:



    kubernetes.io/ingress.class: traefik
    traefik.ingress.kubernetes.io/auth-secret: auth-traefik
    traefik.ingress.kubernetes.io/auth-type: basic



I can't access the dashboard anymore and got the following page: 502 Bad Gateway nginx/1.13.12



I restarted traefik pod and there is the following log :



*{"level":"error","msg":"Failed to retrieve auth configuration for ingress kube-system/traefik-dashboard: failed to load auth credentials: secret "kube-system"/"auth-traefik" not found","time":"2018-12-26T23:45:59Z"}*


More details: Ubuntu 18.04 running on a x64 Scaleway server. I tried a regular & MicroK8s installation, both have the same issue (I'm going on with the MicroK8s one, for now).



Traefik was installed through the latest Helm package (with default values, I only enabled the dashboard)










share|improve this question
























  • How and where have you created your cluster. Provide more details
    – VKR
    yesterday














2












2








2


1





I have a new kubernetes cluster, I installed Traefik v1.7.6 on it and enabled Traefik dashboard which is working fine.



Now I want to add basic auth on the ingress service of traefik dashboard, I followed docs :




  • created a secret called auth-traefik from htpasswd generated file in same namespace as Traefik


  • added following annotations to ingress dashboard:



    kubernetes.io/ingress.class: traefik
    traefik.ingress.kubernetes.io/auth-secret: auth-traefik
    traefik.ingress.kubernetes.io/auth-type: basic



I can't access the dashboard anymore and got the following page: 502 Bad Gateway nginx/1.13.12



I restarted traefik pod and there is the following log :



*{"level":"error","msg":"Failed to retrieve auth configuration for ingress kube-system/traefik-dashboard: failed to load auth credentials: secret "kube-system"/"auth-traefik" not found","time":"2018-12-26T23:45:59Z"}*


More details: Ubuntu 18.04 running on a x64 Scaleway server. I tried a regular & MicroK8s installation, both have the same issue (I'm going on with the MicroK8s one, for now).



Traefik was installed through the latest Helm package (with default values, I only enabled the dashboard)










share|improve this question















I have a new kubernetes cluster, I installed Traefik v1.7.6 on it and enabled Traefik dashboard which is working fine.



Now I want to add basic auth on the ingress service of traefik dashboard, I followed docs :




  • created a secret called auth-traefik from htpasswd generated file in same namespace as Traefik


  • added following annotations to ingress dashboard:



    kubernetes.io/ingress.class: traefik
    traefik.ingress.kubernetes.io/auth-secret: auth-traefik
    traefik.ingress.kubernetes.io/auth-type: basic



I can't access the dashboard anymore and got the following page: 502 Bad Gateway nginx/1.13.12



I restarted traefik pod and there is the following log :



*{"level":"error","msg":"Failed to retrieve auth configuration for ingress kube-system/traefik-dashboard: failed to load auth credentials: secret "kube-system"/"auth-traefik" not found","time":"2018-12-26T23:45:59Z"}*


More details: Ubuntu 18.04 running on a x64 Scaleway server. I tried a regular & MicroK8s installation, both have the same issue (I'm going on with the MicroK8s one, for now).



Traefik was installed through the latest Helm package (with default values, I only enabled the dashboard)







kubernetes basic-authentication traefik






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited yesterday









Rico

26.1k94864




26.1k94864










asked 2 days ago









MrLuje

263211




263211












  • How and where have you created your cluster. Provide more details
    – VKR
    yesterday


















  • How and where have you created your cluster. Provide more details
    – VKR
    yesterday
















How and where have you created your cluster. Provide more details
– VKR
yesterday




How and where have you created your cluster. Provide more details
– VKR
yesterday












1 Answer
1






active

oldest

votes


















1














Looks like you might have created the auth-traefik Kubernetes secret on a different namespace from kube-system where it's looking for it. (Looks like the Ingress is defined in the kube-system namespace).



You can check with:



$ kubectl -n kube-system get secret auth-traefik -o=yaml


If it's not there (is it in a different namespace? monitoring? default?), then you can create it:



$ kubectl create secret generic auth-traefik --from-file auth --namespace=kube-system


Or the ServiceAccount that your Traefik pod is using doesn't have RBAC access to the Secrets resource in the `kube-system namespace.






share|improve this answer























  • It's in the correct namespace apiVersion: v1 data: traefik.auth: //EDITED// kind: Secret metadata: creationTimestamp: "2018-12-26T18:18:45Z" name: auth-traefik namespace: kube-system resourceVersion: "13753" selfLink: /api/v1/namespaces/kube-system/secrets/auth-traefik uid: aeae9e53-093a-11e9-aed6-de1a3c202010
    – MrLuje
    yesterday












  • ok, it could be RBAC, added more to the answer
    – Rico
    yesterday











Your Answer






StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53938418%2fkubernetes-failed-to-retrieve-auth-configuration-for-ingress%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes









1














Looks like you might have created the auth-traefik Kubernetes secret on a different namespace from kube-system where it's looking for it. (Looks like the Ingress is defined in the kube-system namespace).



You can check with:



$ kubectl -n kube-system get secret auth-traefik -o=yaml


If it's not there (is it in a different namespace? monitoring? default?), then you can create it:



$ kubectl create secret generic auth-traefik --from-file auth --namespace=kube-system


Or the ServiceAccount that your Traefik pod is using doesn't have RBAC access to the Secrets resource in the `kube-system namespace.






share|improve this answer























  • It's in the correct namespace apiVersion: v1 data: traefik.auth: //EDITED// kind: Secret metadata: creationTimestamp: "2018-12-26T18:18:45Z" name: auth-traefik namespace: kube-system resourceVersion: "13753" selfLink: /api/v1/namespaces/kube-system/secrets/auth-traefik uid: aeae9e53-093a-11e9-aed6-de1a3c202010
    – MrLuje
    yesterday












  • ok, it could be RBAC, added more to the answer
    – Rico
    yesterday
















1














Looks like you might have created the auth-traefik Kubernetes secret on a different namespace from kube-system where it's looking for it. (Looks like the Ingress is defined in the kube-system namespace).



You can check with:



$ kubectl -n kube-system get secret auth-traefik -o=yaml


If it's not there (is it in a different namespace? monitoring? default?), then you can create it:



$ kubectl create secret generic auth-traefik --from-file auth --namespace=kube-system


Or the ServiceAccount that your Traefik pod is using doesn't have RBAC access to the Secrets resource in the `kube-system namespace.






share|improve this answer























  • It's in the correct namespace apiVersion: v1 data: traefik.auth: //EDITED// kind: Secret metadata: creationTimestamp: "2018-12-26T18:18:45Z" name: auth-traefik namespace: kube-system resourceVersion: "13753" selfLink: /api/v1/namespaces/kube-system/secrets/auth-traefik uid: aeae9e53-093a-11e9-aed6-de1a3c202010
    – MrLuje
    yesterday












  • ok, it could be RBAC, added more to the answer
    – Rico
    yesterday














1












1








1






Looks like you might have created the auth-traefik Kubernetes secret on a different namespace from kube-system where it's looking for it. (Looks like the Ingress is defined in the kube-system namespace).



You can check with:



$ kubectl -n kube-system get secret auth-traefik -o=yaml


If it's not there (is it in a different namespace? monitoring? default?), then you can create it:



$ kubectl create secret generic auth-traefik --from-file auth --namespace=kube-system


Or the ServiceAccount that your Traefik pod is using doesn't have RBAC access to the Secrets resource in the `kube-system namespace.






share|improve this answer














Looks like you might have created the auth-traefik Kubernetes secret on a different namespace from kube-system where it's looking for it. (Looks like the Ingress is defined in the kube-system namespace).



You can check with:



$ kubectl -n kube-system get secret auth-traefik -o=yaml


If it's not there (is it in a different namespace? monitoring? default?), then you can create it:



$ kubectl create secret generic auth-traefik --from-file auth --namespace=kube-system


Or the ServiceAccount that your Traefik pod is using doesn't have RBAC access to the Secrets resource in the `kube-system namespace.







share|improve this answer














share|improve this answer



share|improve this answer








edited yesterday

























answered yesterday









Rico

26.1k94864




26.1k94864












  • It's in the correct namespace apiVersion: v1 data: traefik.auth: //EDITED// kind: Secret metadata: creationTimestamp: "2018-12-26T18:18:45Z" name: auth-traefik namespace: kube-system resourceVersion: "13753" selfLink: /api/v1/namespaces/kube-system/secrets/auth-traefik uid: aeae9e53-093a-11e9-aed6-de1a3c202010
    – MrLuje
    yesterday












  • ok, it could be RBAC, added more to the answer
    – Rico
    yesterday


















  • It's in the correct namespace apiVersion: v1 data: traefik.auth: //EDITED// kind: Secret metadata: creationTimestamp: "2018-12-26T18:18:45Z" name: auth-traefik namespace: kube-system resourceVersion: "13753" selfLink: /api/v1/namespaces/kube-system/secrets/auth-traefik uid: aeae9e53-093a-11e9-aed6-de1a3c202010
    – MrLuje
    yesterday












  • ok, it could be RBAC, added more to the answer
    – Rico
    yesterday
















It's in the correct namespace apiVersion: v1 data: traefik.auth: //EDITED// kind: Secret metadata: creationTimestamp: "2018-12-26T18:18:45Z" name: auth-traefik namespace: kube-system resourceVersion: "13753" selfLink: /api/v1/namespaces/kube-system/secrets/auth-traefik uid: aeae9e53-093a-11e9-aed6-de1a3c202010
– MrLuje
yesterday






It's in the correct namespace apiVersion: v1 data: traefik.auth: //EDITED// kind: Secret metadata: creationTimestamp: "2018-12-26T18:18:45Z" name: auth-traefik namespace: kube-system resourceVersion: "13753" selfLink: /api/v1/namespaces/kube-system/secrets/auth-traefik uid: aeae9e53-093a-11e9-aed6-de1a3c202010
– MrLuje
yesterday














ok, it could be RBAC, added more to the answer
– Rico
yesterday




ok, it could be RBAC, added more to the answer
– Rico
yesterday


















draft saved

draft discarded




















































Thanks for contributing an answer to Stack Overflow!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.





Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


Please pay close attention to the following guidance:


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53938418%2fkubernetes-failed-to-retrieve-auth-configuration-for-ingress%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







Popular posts from this blog

Monofisismo

Angular Downloading a file using contenturl with Basic Authentication

Olmecas