< img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=3131724&fmt=gif" />
🚀 KubeSphere v4.1.2 with Enhancements and Bug Fixes is available now. Read the release notes for v4.1.2 → close
  • English
    • English
    • 简体中文
    1. 1.Create a KubeSphere Cloud account and log in to the platform.
    2. 2.In the upper-right corner, click Console, and then click Lite Cluster on the left.
    3. 3.Create a K8s cluster with KubeSphere installed.
    4. 4.Access KubeSphere with the default account and password (admin/P@88w0rd).
  •  Star
  1. Docs / 
  2. Documentation / 
  3. FAQ / 
  4. Multi-cluster Management / 
  5. Restore the Host Cluster Access to A Member Cluster

Documentation

Last updated:
    Edit

    Restore the Host Cluster Access to A Member Cluster

    KubeSphere features multi-cluster maganement and tenants with necessary permissions (usually cluster administrators) can access the central control plane from the Host Cluster to manage all the Member Clusters. It is highly recommended that you manage your resources across your cluster through the Host Cluster.

    This tutorial demomstrates how to restore the Host Cluster access to a Member Cluster.

    Possible Error Message

    If you can't access a Member Cluster from the central control plane and your browser keeps redirecting you to the login page of KubeSphere, run the following command on that Member Cluster to get the logs of the ks-apiserver.

    kubectl -n kubesphere-system logs ks-apiserver-7c9c9456bd-qv6bs

    Note

    ks-apiserver-7c9c9456bd-qv6bs refers to the Pod ID on that Member Cluster. Make sure you use the ID of your own Pod.

    You will probably see the following error message:

    E0305 03:46:42.105625       1 token.go:65] token not found in cache
E0305 03:46:42.105725       1 jwt_token.go:45] token not found in cache
E0305 03:46:42.105759       1 authentication.go:60] Unable to authenticate the request due to error: token not found in cache
E0305 03:46:52.045964       1 token.go:65] token not found in cache
E0305 03:46:52.045992       1 jwt_token.go:45] token not found in cache
E0305 03:46:52.046004       1 authentication.go:60] Unable to authenticate the request due to error: token not found in cache
E0305 03:47:34.502726       1 token.go:65] token not found in cache
E0305 03:47:34.502751       1 jwt_token.go:45] token not found in cache
E0305 03:47:34.502764       1 authentication.go:60] Unable to authenticate the request due to error: token not found in cache

    Solution

    Step 1: Verify the jwtSecret

    Run the following command on your Host Cluster and Member Cluser respectively to confirm whether their jwtSecrets are identical.

    kubectl -n kubesphere-system get cm kubesphere-config -o yaml | grep -v “apiVersion” | grep jwtSecret

    Step 2: Modify accessTokenMaxAge

    Make sure the jwtSecrets are identical, then run the following command on that Member Cluster to get the value of accessTokenMaxAge.

    kubectl -n kubesphere-system get cm kubesphere-config -o yaml | grep -v "apiVersion" | grep accessTokenMaxAge

    If the value is not 0, run the following command to modify the value of accessTokenMaxAge.

    kubectl -n kubesphere-system edit cm kubesphere-config -o yaml

    After you modified the value of accessTokenMaxAge to 0, run the following command to restart the ks-apiserver.

    kubectl -n kubesphere-system rollout restart deploy ks-apiserver

    Now, you can access that Member Cluster from the central control plane again.

    Receive the latest news, articles and updates from KubeSphere


    Thanks for the feedback. If you have a specific question about how to use KubeSphere, ask it on Slack. Open an issue in the GitHub repo if you want to report a problem or suggest an improvement.

    Previous : Manage a Multi-cluster Environment on KubeSphere
    What’s on this Page