Failed Authentication #359
Description
Issue Summary
I am using MicroK8s as my Kubernetes cluster.
The setup is basic — installed with the following command:
sudo snap install microk8s --classicVersion details:
$ microk8s version
MicroK8s v1.32.8 revision 8355I tested two authentication methods, but both failed.
1. Out-of-Cluster Configuration
Steps I used:
$ microk8s config > ~/.kube/config
$ cat docker-compose.yml
services:
kubernetes-mcp-server:
container_name: kubernetes-mcp-server
user: 1000:1000
image: michaelact/kubernetes-mcp-server:v0.0.52.debug1
ports:
- "3000:8080"
volumes:
- ${HOME}/.kube/config:/.kube/config
- /usr/local/bin/kubectl:/usr/local/bin/kubectl
environment:
- KUBECONFIG=/.kube/config
networks:
default:
external: true
name: internal-toolsWhen using this setup, I found that the generated kubeconfig contains users: null, which causes the following error:
failed to get configuration: cannot locate user admin
Example of the generated kubeconfig:
apiVersion: v1
clusters:
- cluster:
certificate-authority-data:
server: https://172.17.3.46:16443
name: microk8s-cluster
contexts:
- context:
cluster: microk8s-cluster
user: admin
name: microk8s
current-context: microk8s
kind: Config
users: null2. In-Cluster Configuration
I also deployed the application as a Kubernetes Pod using a ServiceAccount with cluster-admin permissions.
However, I still got the following error:
couldn't get current server API group list: the server has asked for the client to provide credentials
Additionally, I noticed that the token used by the client is different from the token stored in
/var/run/secrets/kubernetes.io/serviceaccount/token.
I am not sure where this other token is being retrieved from.
Expected Behavior
- The application should authenticate successfully either from the provided kubeconfig or the in-cluster ServiceAccount.
Actual Behavior
- Out-of-cluster: kubeconfig file contains
users: null, making authentication fail. - In-cluster: authentication fails even with valid ServiceAccount permissions.