dashboard: Dashboard --token-ttl is not working
Environment
Dashboard version: 1.8.3 Kubernetes version: 1.9.3 Operating system: Ubuntu LTS 16.04
Steps to reproduce
- Setup tokens in the api-server using --token-auth-file=/etc/kubernetes/pki/tokens.csv and restart
- Add --token-ttl=43200 to the dashboard deployment and restart
Observed result
- Log on to the dashboard using a token
- Wait for 20 minutes
- Attempt to use dashboard
- Requires logging on again as it appear jwe still expiring after 15 minutes
Expected result
That the jwetoken remains valid for 12 hours and we will not require authenticating until the 12 hours are up.
Comments
dashboard deployment yaml:-
kind: Deployment
apiVersion: apps/v1beta2
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kube-system
spec:
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
k8s-app: kubernetes-dashboard
template:
metadata:
labels:
k8s-app: kubernetes-dashboard
spec:
containers:
- name: kubernetes-dashboard
image: k8s.gcr.io/kubernetes-dashboard-amd64:v1.8.3
ports:
- containerPort: 8443
protocol: TCP
args:
- --tls-key-file=k8sm.key
- --tls-cert-file=k8sm.crt
- --token-ttl=43200
volumeMounts:
- name: kubernetes-dashboard-certs
mountPath: /certs
- mountPath: /tmp
name: tmp-volume
livenessProbe:
httpGet:
scheme: HTTPS
path: /
port: 8443
initialDelaySeconds: 30
timeoutSeconds: 30
volumes:
- name: kubernetes-dashboard-certs
secret:
secretName: kubernetes-dashboard-certs
- name: tmp-volume
emptyDir: {}
serviceAccountName: kubernetes-dashboard
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: "node-role.kubernetes.io/master"
operator: "Exists"
About this issue
- Original URL
- State: closed
- Created 6 years ago
- Reactions: 7
- Comments: 15 (3 by maintainers)
Looks like you have too many “-” characters there bud
@Michael-Baylis I have tried a variety of token-ttl values, from 0/infinite to 604800/7 days. Nonetheless, I am logged out consistently throughout the day.
You mention:
But I do not see that in the file you posted. I only altered/added the
token-ttlto the default manifest:am I missing something? continuously grabbing a token is driving me crazy.
@rosskevin Unfortunately, there is no option to extend a life of the original token used to log in as in most scenarios it requires communication with external IdP to refresh the token. We are planning to add support for external IdPs to Dashboard. No ETA though.
This works for me:
kubectl edit deployment kubernetes-dashboard -n kube-systemAdd below like yours:
edit and save successfully, and then I reload the dashboard, i can find the args are there:
https://NodeIP:NodePort/#!/pod/kube-system/kubernetes-dashboard-54b79ffb7b-gdf8v?namespace=kube-systemWait for 45 mins, I still can access the dashboard without authentication(I set an alias
ns=kube-system):I’m facing the same issue. I am using kubernetesVersion: 1.11.5 I have added “—token-ttl=43200” but still my dashboard session is expiring every 15 mints
i also meet the issue. you can use args: [ … “–token-ttl=43200”]
will ok.