istio: Kiali dashboard login - Unauthorized

Bug description I created kiali secret and enabled it using this guideline https://istio.io/docs/tasks/telemetry/kiali/ But, when I execute kubectl -n istio-system port-forward $(kubectl -n istio-system get pod -l app=kiali -o jsonpath='{.items[0].metadata.name}') 20001:20001 getting below error

Forwarding from 127.0.0.1:20001 -> 20001
Forwarding from [::1]:20001 -> 20001
Handling connection for 20001
E1001 11:06:08.763555   17720 portforward.go:303] error copying from remote stream to local connection: readfrom tcp6 [::1]:20001->[::1]:57632: write tcp6 [::1]:20001->[::1]:57632: wsasend: An established connection was aborted by the software in your host machine.
Handling connection for 20001
Handling connection for 20001
Handling connection for 20001
E1001 11:06:09.088557   17720 portforward.go:303] error copying from remote stream to local connection: readfrom tcp4 127.0.0.1:20001->127.0.0.1:57636: write tcp4 127.0.0.1:20001->127.0.0.1:57636: wsasend: An established connection was aborted by the software in your host machine.
Handling connection for 20001
E1001 11:06:12.078569   17720 portforward.go:303] error copying from remote stream to local connection: readfrom tcp4 127.0.0.1:20001->127.0.0.1:57638: write tcp4 127.0.0.1:20001->127.0.0.1:57638: wsasend: An established connection was aborted by the software in your host machine.
E1001 11:06:39.386956   17720 portforward.go:293] error creating forwarding stream for port 20001 -> 20001: Timeout occured

Also, credential that I created is not working as well:

Unauthorized. The provided credentials are not valid to access Kiali. Please check your credentials and try again.

Affected product area (please put an X in all that apply)

[ ] Configuration Infrastructure [ ] Docs [x] Installation [ ] Networking [ ] Performance and Scalability [ ] Policies and Telemetry [ ] Security [ ] Test and Release [ ] User Experience [ ] Developer Infrastructure

Expected behavior I should be able to access kiali dashboard.

Version (include the output of istioctl version --remote and kubectl version) kubernetes version: v.1.12.4 istio version: v.1.2.6

How was Istio installed? helm template

Environment where bug was observed (cloud vendor, OS, etc) AKS

About this issue

Original URL
State: closed
Created 5 years ago
Comments: 39 (19 by maintainers)

Most upvoted comments

@sghaida If you are creating the secret manually and using echo command, please make sure that you pass the -n flag to echo; e.g:

% echo -n 'admin' | base64
YWRtaW4=

Without the -n flag the encoded result is different:

% echo 'admin' | base64 
YWRtaW4K

If you still have the issue, please first upgrade to latest Kiali which is version 1.12. If latest Kiali still has the issue, please open an issue in Kiali repository: https://github.com/kiali/kiali/issues/new/choose

israel-hdez on Jan 28, 2020

@israel-hdez here it is.

I1008 12:02:24.493725       1 kiali.go:67] Kiali: Version: v0.20.0, Commit: 140969bc2ef1a77ca7387b47f8b23dcbd4818bd0
I1008 12:02:24.572089       1 kiali.go:68] DEBUG: Kiali: Command line: [/opt/kiali/kiali -config /kiali-configuration/config.yaml -v 4]
I1008 12:02:24.593279       1 config.go:461] DEBUG: Reading YAML config from [/kiali-configuration/config.yaml]
I1008 12:02:24.603318       1 kiali.go:203] Using authentication strategy [login]
I1008 12:02:24.632669       1 kiali.go:88] Kiali: Console version: 0.20.0
I1008 12:02:24.632686       1 kiali.go:263] Updating base URL in index.html with [/kiali]
I1008 12:02:24.652975       1 kiali.go:276] DEBUG: Base URL has been updated to [<base href="/kiali/"]
I1008 12:02:24.733990       1 kiali.go:244] Generating env.js from config
I1008 12:02:24.734039       1 kiali.go:249] DEBUG: The content of /opt/kiali/console/env.js will be:
window.WEB_ROOT='/kiali';
E1008 12:02:24.782249       1 kiali.go:106] Jaeger is not available : Get http:///api/services: http: no Host in request URL
I1008 12:02:24.812793       1 server.go:49] Server endpoint will start at [:20001/kiali]
I1008 12:02:24.812808       1 server.go:50] Server endpoint will serve static content from [/opt/kiali/console]
I1008 12:02:24.812821       1 metrics_server.go:18] Starting Metrics Server on [:9090]
I1008 12:02:24.859297       1 kiali.go:135] Secret is now available.
I1008 18:43:06.817930       1 authentication.go:101] DEBUG: (Re-)authentication was asked. Validation of old token failed with: token contains an invalid number of segments
I1008 18:43:09.579353       1 authentication.go:101] DEBUG: (Re-)authentication was asked. Validation of old token failed with: token contains an invalid number of segments
I1008 18:43:10.753877       1 authentication.go:101] DEBUG: (Re-)authentication was asked. Validation of old token failed with: token contains an invalid number of segments
I1008 18:43:11.256472       1 authentication.go:101] DEBUG: (Re-)authentication was asked. Validation of old token failed with: token contains an invalid number of segments

rnkhouse on Oct 8, 2019