Restore the Host Cluster Access to A Member Cluster

    This tutorial demomstrates how to restore the Host Cluster access to a Member Cluster.

    If you can’t access a Member Cluster from the central control plane and your browser keeps redirecting you to the login page of KubeSphere, run the following command on that Member Cluster to get the logs of the ks-apiserver.

    ks-apiserver-7c9c9456bd-qv6bs refers to the Pod ID on that Member Cluster. Make sure you use the ID of your own Pod.

    You will probably see the following error message:

    1. E0305 03:46:42.105725       1 jwt_token.go:45] token not found in cache
    2. E0305 03:46:42.105759       1 authentication.go:60] Unable to authenticate the request due to error: token not found in cache
    3. E0305 03:46:52.045964       1 token.go:65] token not found in cache
    5. E0305 03:47:34.502726       1 token.go:65] token not found in cache
    6. E0305 03:47:34.502751       1 jwt_token.go:45] token not found in cache
    7. E0305 03:47:34.502764       1 authentication.go:60] Unable to authenticate the request due to error: token not found in cache

    Solution

    Step 2: Modify accessTokenMaxAge

    Make sure the jwtSecrets are identical, then run the following command on that Member Cluster to get the value of .

    1. kubectl -n kubesphere-system get cm kubesphere-config -o yaml | grep -v "apiVersion" | grep accessTokenMaxAge

    If the value is not 0, run the following command to modify the value of accessTokenMaxAge.

      Now, you can access that Member Cluster from the central control plane again.