Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

change the project to member cluster in the workspace after setting the member Cluster Visibility, comes out a error: "会话已超时或用户已从其他地方登录,请重新登录。" #6002

Closed
lianghuiyuan opened this issue Dec 11, 2023 · 3 comments
Labels
kind/bug Categorizes issue or PR as related to a bug.

Comments

@lianghuiyuan
Copy link

Describe the Bug
After add cluster member into the host cluster, then change the member Cluster Visibility to a Workspace, Everythings seems ok, but when you in the 「workspace」- 「Project」 to exchange the cluster, you will see "会话已超时或用户已从其他地方登录,请重新登录。" error.

  • host cluster:
    kubesphere: 3.4.0
    kubernetes: v1.23.8-r10-23.2.19.3
    nodes: 1 master node, 5 worker nodes

  • member cluster:
    kubesphere: 3.4.0
    kubernetes: v1.26.7
    nodes: 1 master node, 2 worker nodes

Environment
Ubuntu 22.04

# uname -a
Linux mec-master-01 5.15.0-76-generic #83-Ubuntu SMP Thu Jun 15 19:16:32 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux

How To Reproduce
Steps to reproduce the behavior:

  • step1:
    set member Cluster Visibility
image

set member Cluster Visibility success, but the list of workspaces is empty .
image

and you will get to see one more cluster Visibility in the workspace,

image
  • step2:
    Login kubesphere with an account which not ‘admin’,
image

change the cluster to the member cluster, then see the error: "会话已超时或用户已从其他地方登录,请重新登录。"
image

Expected behavior
no errors.

@lianghuiyuan lianghuiyuan added the kind/bug Categorizes issue or PR as related to a bug. label Dec 11, 2023
@lianghuiyuan
Copy link
Author

@lianghuiyuan
Copy link
Author

kubefed fix: controller-manager panic when kubeconfig set filed insecure-skip-tls-verify : kubernetes-retired/kubefed#1505

But kubesphere seems not Update the version of kubefed controller: #4891

@lianghuiyuan
Copy link
Author

处理办法:

  1. 加入到 host 主集群的 member 集群的 kubeconfig 中不要使用insecure-skip-tls-verify=true,直接使用 ca.crt 证书(base64):certificate-authority-data: {BASE64 STRING}。 eg:
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: <`cat /etc/kubernetes/pki/ca.crt | base64`>
    server: https://<ip>:6443
  name: cluster.local
contexts:
- context:
    cluster: cluster.local
    user: kubernetes-admin
  name: [email protected]
current-context: [email protected]
kind: Config
preferences: {}
users:
- name: kubernetes-admin
  user:
    client-certificate-data: xxxxxxxxxxx
    client-key-data: xxxxxxxxxx

  1. 在 host 集群中,重启kubefed-admission-webhookkubefed-controller-manager 两个服务:
  • 将kubefed-admission-webhook deployment 中的 replica 配置为 0 后再配置为 1
  • 将kubefed-controller-manager deployment 中的 replica 配置为 0 后再配置为 2

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
kind/bug Categorizes issue or PR as related to a bug.
Projects
None yet
Development

No branches or pull requests

1 participant