Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

chectl: Failed to connect to Kubernetes API. Unauthorized

See original GitHub issue

chectl fails to start server on k8s (coreos tectonic) cluster with authentication enabled.

chectl --version

chectl/0.0.20191121-next.89a1444 darwin-x64 node-v10.17.0

Steps to reproduce

chectl server:start

    → Failed to connect to Kubernetes API. Unauthorized
    👀  Looking for an already existing Che instance
 ›   Error: Failed to connect to Kubernetes API. Unauthorized

Runtime

kubernetes:

kubectl version

Client Version: version.Info{Major:"1", Minor:"16", GitVersion:"v1.16.3", GitCommit:"b3cbbae08ec52a7fc73d334838e18d17e8512749", GitTreeState:"clean", BuildDate:"2019-11-14T04:24:34Z", GoVersion:"go1.12.13", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"9", GitVersion:"v1.9.6+coreos.2", GitCommit:"0c227501efd8f0c62e5f75049ad7abb5a1d801ac", GitTreeState:"clean", BuildDate:"2019-02-02T03:18:42Z", GoVersion:"go1.9.3", Compiler:"gc", Platform:"linux/amd64"}

kubectl configuration file in default location: ~/.kube/config

kubectl get nodes

NAME                       AGE
k-master01.domain.local   594d
k-node01.domain.local     594d
k-node02.domain.local     594d
k-node03.domain.local     594d
k-node04.domain.local     594d
k-node05.domain.local     594d
k-node06.domain.local     594d

Issue Analytics

State:
Created 4 years ago
Comments:22 (6 by maintainers)

Top GitHub Comments

1reaction

asavin-clcommented, Jul 30, 2020

Hi yes, I tried that. But the problem in getting access token from PKS authentication service. I used this way to do the deployment. I have connected to k8s cluster used the PKS authentication. Then I created kubectl proxy connection and used an internal k8s service account and deployed Che used chectl through this connection. For example it way:

Deploy service account “deployer”

kubectl create sa deployer kubectl create clusterrolebinding deployer --clusterrole cluster-admin --serviceaccount default:deployer

Get necessary information from k8s cluster

KUBE_DEPLOY_SECRET_NAME=`kubectl get sa deployer -o jsonpath=‘{.secrets[0].name}’` KUBE_API_TOKEN=`kubectl get secret $KUBE_DEPLOY_SECRET_NAME -o jsonpath=‘{.data.token}’|base64 --decode` KUBE_API_CERT=`kubectl get secret $KUBE_DEPLOY_SECRET_NAME -o jsonpath=‘{.data.ca.crt}’|base64 --decode`

Start kubectl proxy in the background

kubectl proxy &

Create kubectl config

export KUBECONFIG=~/.kube/config-deployer echo $KUBE_API_CERT > deploy.crt kubectl config set-cluster k8s --server=http://127.0.0.1:8001 --certificate-authority=deploy.crt --embed-certs=true kubectl config set-credentials k8s-deployer --token=$KUBE_API_TOKEN kubectl config set-context k8s --cluster k8s --user k8s-deployer kubectl config use-context k8s kubectl get all # it actually works!

1reaction

tolushacommented, May 5, 2020

We’ve added --skip-kubernetes-health-check flag to skip that kind of pre-flight check. So, please update to the latest version: chectl update next and try again.

Top Results From Across the Web

Resolve the unauthorized server error for the Amazon EKS ...

I'm using kubectl commands to connect to the Amazon Elastic Kubernetes Service (Amazon EKS) API server. I received the message "error: You must ......

Stuck trying to set up Eclipse Che as an in-browser IDE

I'm a noob at both Kubernetes and Eclipse Che who's trying to run ... made it to a dashboard and were getting an...

kubectl error when retrieving credentials from custom-process

1) Spin Chesever7.17.0 using chectl 7.17.0 with below command chectl server:start --platform=docker-desktop 2) Now stop and delete this server. Now spin up with ......

Kubernetes Error Codes: Failed to Pull Image | Datree.io

Unqualified image tags such as `demo-image:latest` will be pulled from the public Docker Hub, which might not be what you intended. You must...

Search OpenShift CI

#2082026 bug 5 months ago #2033215 bug 8 months ago #1904609 bug 7 weeks ago #2110938 bug 3 months ago