CODEWITHSUNDEEP
kubernetesminikubekubernetes-apiserver
user51
user51

Reputation: 10163

Kubernetes master is returning 401 Unauthorized error

I have installed minikube, kubectl in my laptop.

When I run kubectl cluster-info in get the below 

   Kubernetes master is running at https://10.168.99.10:8443

when I connect to https://10.168.99.10:8443 I get the below response.

{
  "kind": "Status",
  "apiVersion": "v1",
  "metadata": {

  },
  "status": "Failure",
  "message": "Unauthorized",
  "reason": "Unauthorized",
  "code": 401
}

When installed kubectl/minikube didn't prompt for user/password. What is the default user/password to connect.

Upvotes: 3

Views: 20166

Answers (3)

thangchung
thangchung

Reputation: 2030

Please trying to put kubectl proxy --address=clusterIP --port 8001 --accept-hosts '.*', then you can browse it at http://localhost:8001.

Upvotes: 0

Shahriar
Shahriar

Reputation: 13804

minikube doesn't start with basic-auth. So there is not username & password for apiserver by default. To access apiserver, you need to use apiserver certificates. That`s how you will be authorized.

curl https://192.168.99.100:8443 --cert ~/.minikube/apiserver.crt  --key ~/.minikube/apiserver.key --cacert ~/.minikube/ca.crt

See details:

Get your minikube IP address

$ minikube ip
192.168.99.100

The API server runs on 8443 by default

Now try to connect apiserver using this

$ curl https://192.168.99.100:8443  
curl: (60) SSL certificate problem: unable to get local issuer certificate

Need to provide CA certificate

$ curl https://192.168.99.100:8443  --cacert ~/.minikube/ca.crt 
{
  "kind": "Status",
  "apiVersion": "v1",
  "metadata": {

  },
  "status": "Failure",
  "message": "Unauthorized",
  "reason": "Unauthorized",
  "code": 401
}⏎

Now you need to provide apiserver SSL certificate and key

curl https://192.168.99.100:8443 --cert ~/.minikube/apiserver.crt  --key ~/.minikube/apiserver.key --cacert ~/.minikube/ca.crt 
{
  "paths": [
    "/api",
    "/api/v1",
    ....
    "/ui",
    "/ui/",
    "/version"
  ]
}⏎

Note: You can proxy apiserver too

$ kubectl proxy --port=8433
$ curl 127.0.0.1:8433

Now you do not need to provide any certificates. And you are authorized

Upvotes: 3

Vikram Hosakote
Vikram Hosakote

Reputation: 3674

Looks like you are doing curl https://10.168.99.10:8443 -k. There is no need to do it. Infact, the response you are seeing is expected as you are not authenticating to kubernetes.

  1. Do minikube dashboard to open the kubernetes dashboard. This will use the NodePort of the kubernetes-dashboard service and open the kubernetes dashboard GUI in a browser.
  2. Minikube creates kubeconfig at ~/.kube/config on the laptop. So, just use kubectl to use k8s in Minikube.
  3. The kubectl configuration can be viewed by doing kubectl config view on the laptop.

Upvotes: -2

Related Questions