headlamp
headlamp copied to clipboard
Cannot auth with ServiceAccount Token
Description
On the first try, I can get to the headlamp dashboard and it is populated with information, if I try to click on anything or refresh, I get directed to the token authentication page. If I paste the token in that I copy from:
SECRETNAME=$(kubectl -n kube-system get secrets | grep headlamp-admin | awk '{print $1}')
kubectl -n kube-system describe secret ${SECRETNAME}
I get an "error authenticating" message.
Impact
I cannot use headlamp.
Environment and steps to reproduce
I have installed in-cluster using the helm chart and am using a Traefik IngressRoute to access headlamp. The helm chart creates the ServiceAccount and ClusterRoleBinding by default (if I understand correctly), but this behavior persists if I create a separate ServiceAccount as well.
Expected behavior
I expect to be authorized to use Headlamp.
I can access with the auth token using FireFox and Chromium, the problem lies solely when trying to log in using Safari.
Specifically, it seems to be an issue with Safari's implementation of preventing cross-site tracking.
@ahgraber , that's interesting. I'd assume we're not deploying anything from a different location when you deploy it with the default options.
Thanks for reporting. We will be looking into this and get back to you.
Any progress on this?