Rancher CLI 登录错误 - 状态 [401 未经授权]。正文:[message=clusterID 不匹配]
Rancher CLI login error - Status [401 Unauthorized]. Body: [message=clusterID does not match]
我在尝试使用不记名令牌登录 rancher CLI 时收到此错误。
我使用的命令是这样的:
./rancher login https://<SERVER_URL> --token <BEARER_TOKEN>
我正在使用 rancher UI 上的“添加密钥”按钮创建令牌,并将生成的令牌限定到我要管理的集群。
这是完整的错误信息:
FATA[0002] Bad response statusCode [401]. Status [401 Unauthorized].
Body: [message=clusterID does not match]
有什么想法吗?谢谢...
我想我找到了解决办法。创建令牌时,您不应该 select 任何集群范围。
I found it.
It will not work if a scope is selected when adding an API Key.
--
Cluster-scoped token's primary intended use is for communicating with
the kubernetes API for a specific cluster.
It also works for Rancher api calls that fall under the cluster endopint. This means a token scoped to cluster c-1234 will work for
everything under /v3/clusters/c-1234. The problem is that the cli
currently makes calls that are outside of that scope endpoint
(directly under /v3).
我在尝试使用不记名令牌登录 rancher CLI 时收到此错误。 我使用的命令是这样的:
./rancher login https://<SERVER_URL> --token <BEARER_TOKEN>
我正在使用 rancher UI 上的“添加密钥”按钮创建令牌,并将生成的令牌限定到我要管理的集群。
这是完整的错误信息:
FATA[0002] Bad response statusCode [401]. Status [401 Unauthorized]. Body: [message=clusterID does not match]
有什么想法吗?谢谢...
我想我找到了解决办法。创建令牌时,您不应该 select 任何集群范围。
I found it.
It will not work if a scope is selected when adding an API Key.
--
Cluster-scoped token's primary intended use is for communicating with the kubernetes API for a specific cluster. It also works for Rancher api calls that fall under the cluster endopint. This means a token scoped to cluster c-1234 will work for everything under /v3/clusters/c-1234. The problem is that the cli currently makes calls that are outside of that scope endpoint (directly under /v3).