Comments (8)
Unfortunately, that sounds like an issue with token size. Most web servers support summary request header sizes up to 4-8 kB. We do not have any logic to detect token length. We could add that, but it would still not solve your issue.
Does kubectl --token ...
work with such a big token?
from dashboard.
Dear @floreks, I'm a college of Kevin.
I'm able to use the token in kubectl --token. so that does not seem to be the problem.
If I check the token of the "not working" environment in https://www.javainuse.com/bytesize then it sais it's 4.1 KB
If I check the token of the "working" environment in https://www.javainuse.com/bytesize then it sais 2.08 KB.
Could maybe be 4 the limit or something?
Thanks for checking
Are there test commands we can try to run in the pod to see if the header is added correctly in the response?
Can we enable extra logging or something?
Thanks
Toon Tijtgat
from dashboard.
I think that kong by default supports summary header sizes up to 8 kB. They are using nginx underneath. Our UI -> API most probably has a 4 kB limit currently. I'd have to debug it on our side to make sure where it gets terminated. If you can configure token content and get rid of unused information it should make it work for now. I know that some providers include lots of unnecessary information that are not required by Kubernetes API server.
from dashboard.
Hi @floreks
We are using Azure kubelogin, which does not allow configuring the token content as far as I know.
I have taken a quick glance at the code with my limited go knowledge.
If it is indeed the UI -> API, could it be that we need to specify a MaxHeaderBytes
in this function?
Line 99 in 1d4897c
from dashboard.
AFAIR azure allows configuring JWT token content, groups, audience, etc. With azure it is usually an issue of configuring too many groups and that all of them are embedded into the token, not only actually used ones.
from dashboard.
Regarding code changes, max header size would need to be checked and increased for both API and Auth modules. If that's the only issue.
from dashboard.
AFAIR azure allows configuring JWT token content, groups, audience, etc. With azure it is usually an issue of configuring too many groups and that all of them are embedded into the token, not only actually used ones.
I can indeed see that there are many groups included in the token, but unfortunately i dont find a way to configure the response. We are using kubelogin which does not have the option to do so, but if you know of another way that leverages azure authentication to generate the token, it might help us to (temporarily) overcome this issue.
Regarding code changes, max header size would need to be checked and increased for both API and Auth modules. If that's the only issue.
Given the behavior it does look like that would be the issue, but the only way to be sure is to test it of course. What would be the best course of action to get this tested?
from dashboard.
Related Issues (20)
- I wish I could see snapshots and snapshot classes on the dashboard. HOT 1
- unable to save settings in 7.0.0 when installed to a non-default namespace HOT 4
- dashboard loading with 5s and timeout HOT 5
- No fill on workload charts for some languages
- Reactivity bug in web UI login form HOT 2
- Retain CSRF token private key on Helm chart upgrades HOT 5
- Define registries of sub-charts in air-gappend installation HOT 3
- Unable to skip login by adding Authorization header HOT 3
- kubernetes-dashboard-kong not starting HOT 2
- unable to login with "kubectl proxy" way HOT 4
- Exec-ing into pod not working - "Server lost session" HOT 4
- No longer possible to put it behind Basic Authentication HOT 6
- Helm installation broken through dependencies in Chart.yaml HOT 2
- Facing latency issue in kubernetes dashboard in v 7.1.2 HOT 10
- Bearer token not working HOT 7
- Add support for prefers-reduced-motion
- Lower the api pod replicas from 3 to 1 HOT 3
- Login page not consistently skipped with bearer token HOT 1
- Unable to login after update to chart 7.1.2 HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from dashboard.