Kubernetes master is returning 401 Unauthorized error
I have installed minikube, kubectl in my laptop.
When I run kubectl cluster-info in get the below
Kubernetes master is running at https://10.168.99.10:8443
when I connect to https://10.168.99.10:8443 I get the below response.
{
"kind": "Status",
"apiVersion": "v1",
"metadata": {
},
"status": "Failure",
"message": "Unauthorized",
"reason": "Unauthorized",
"code": 401
}
When installed kubectl/minikube didn't prompt for user/password. What is the default user/password to connect.
Answer
minikube doesn't start with basic-auth. So there is not username & password for apiserver by default. To access apiserver, you need to use apiserver certificates. That`s how you will be authorized.
curl https://192.168.99.100:8443 --cert ~/.minikube/apiserver.crt --key ~/.minikube/apiserver.key --cacert ~/.minikube/ca.crt
See details:
Get your minikube IP address
$ minikube ip
192.168.99.100
The API server runs on 8443 by default
Now try to connect apiserver using this
$ curl https://192.168.99.100:8443
curl: (60) SSL certificate problem: unable to get local issuer certificate
Need to provide CA certificate
$ curl https://192.168.99.100:8443 --cacert ~/.minikube/ca.crt
{
"kind": "Status",
"apiVersion": "v1",
"metadata": {
},
"status": "Failure",
"message": "Unauthorized",
"reason": "Unauthorized",
"code": 401
}⏎
Now you need to provide apiserver SSL certificate and key
curl https://192.168.99.100:8443 --cert ~/.minikube/apiserver.crt --key ~/.minikube/apiserver.key --cacert ~/.minikube/ca.crt
{
"paths": [
"/api",
"/api/v1",
....
"/ui",
"/ui/",
"/version"
]
}⏎
Note: You can proxy apiserver too
$ kubectl proxy --port=8433
$ curl 127.0.0.1:8433
Now you do not need to provide any certificates. And you are authorized