
    Restore the Host Cluster Access to A Member Cluster

    Kube AI Hub features multi-cluster management, and tenants with the necessary permissions (usually cluster administrators) can access the central control plane from the Host Cluster to manage all the Member Clusters. It is highly recommended that you manage resources across your clusters through the Host Cluster.

    This tutorial demonstrates how to restore the Host Cluster access to a Member Cluster.

    Possible Error Message

    If you can't access a Member Cluster from the central control plane and your browser keeps redirecting you to the login page of Kube AI Hub, run the following command on that Member Cluster to get the logs of the ks-apiserver.

    kubectl -n kubesphere-system logs ks-apiserver-7c9c9456bd-qv6bs
    

    Note

    ks-apiserver-7c9c9456bd-qv6bs refers to the Pod ID on that Member Cluster. Make sure you use the ID of your own Pod.

    You will probably see the following error message:

    E0305 03:46:42.105625       1 token.go:65] token not found in cache
    E0305 03:46:42.105725       1 jwt_token.go:45] token not found in cache
    E0305 03:46:42.105759       1 authentication.go:60] Unable to authenticate the request due to error: token not found in cache
    E0305 03:46:52.045964       1 token.go:65] token not found in cache
    E0305 03:46:52.045992       1 jwt_token.go:45] token not found in cache
    E0305 03:46:52.046004       1 authentication.go:60] Unable to authenticate the request due to error: token not found in cache
    E0305 03:47:34.502726       1 token.go:65] token not found in cache
    E0305 03:47:34.502751       1 jwt_token.go:45] token not found in cache
    E0305 03:47:34.502764       1 authentication.go:60] Unable to authenticate the request due to error: token not found in cache
    

    Solution

    Step 1: Verify the jwtSecret

    Run the following command on your Host Cluster and Member Cluster respectively to confirm that their jwtSecrets are identical.

    kubectl -n kubesphere-system get cm kubesphere-config -o yaml | grep -v "apiVersion" | grep jwtSecret
    

    Step 2: Modify accessTokenMaxAge

    Make sure the jwtSecrets are identical, then run the following command on that Member Cluster to get the value of accessTokenMaxAge.

    kubectl -n kubesphere-system get cm kubesphere-config -o yaml | grep -v "apiVersion" | grep accessTokenMaxAge
    

    If the value is not 0, run the following command to modify the value of accessTokenMaxAge.

    kubectl -n kubesphere-system edit cm kubesphere-config -o yaml
    

    After you modify the value of accessTokenMaxAge to 0, run the following command to restart the ks-apiserver.

    kubectl -n kubesphere-system rollout restart deploy ks-apiserver
    

    Now, you can access that Member Cluster from the central control plane again.
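
    Steps 1 and 2 as one check, an added example that is not part of the original tutorial or the project's own tooling: it compares the two jwtSecrets by SHA-256 digest so the signing secret is not printed to the terminal, then checks accessTokenMaxAge on the Member Cluster. The function names, the kubectl context name, accepting 0s as zero, and the layout of the constructed sample ConfigMap are assumptions.

```shell
#!/usr/bin/env bash
# Live use, once per cluster (the context name "host" is an assumption):
#   kubectl --context host -n kubesphere-system get cm kubesphere-config -o yaml > host.yaml
# First "KEY: value" line of a saved dump, quotes and whitespace removed. Anchoring
# on the key skips the last-applied-configuration JSON line ("grep -v apiVersion").
cfg_value() {  # usage: cfg_value KEY FILE
  sed -n "s/^[[:space:]]*$1:[[:space:]]*//p" "$2" | head -n 1 | tr -d "\"'[:space:]"
}
# SHA-256 of the jwtSecret, so the signing secret never reaches the terminal.
secret_digest() {  # usage: secret_digest FILE
  cfg_value jwtSecret "$1" | sha256sum | cut -d' ' -f1
}
# Prints one status word: no-secret, secret-mismatch, max-age-not-0 or ok.
diagnose() {  # usage: diagnose HOST_FILE MEMBER_FILE
  if [ -z "$(cfg_value jwtSecret "$1")" ] || [ -z "$(cfg_value jwtSecret "$2")" ]; then
    echo no-secret
  elif [ "$(secret_digest "$1")" != "$(secret_digest "$2")" ]; then
    echo secret-mismatch            # Step 1 fails: the secrets differ
  else
    case "$(cfg_value accessTokenMaxAge "$2")" in
      0|0s) echo ok ;;              # "0s" accepted as zero (assumption)
      *)    echo max-age-not-0 ;;   # Step 2: set it to 0, restart ks-apiserver
    esac
  fi
}

# Constructed sample dump; the layout under "data" is an assumption.
write_sample() {  # usage: write_sample FILE SECRET MAX_AGE
  cat > "$1" <<EOF
apiVersion: v1
kind: ConfigMap
metadata:
  name: kubesphere-config
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"v1","data":{"kubesphere.yaml":"authentication:\n  jwtSecret: stale-constructed\n"}}
data:
  kubesphere.yaml: |
    authentication:
      jwtSecret: "$2"
      oauthOptions:
        accessTokenMaxAge: $3
EOF
}

tmp=$(mktemp -d)
write_sample "$tmp/host.yaml" constructed-secret-A 0
write_sample "$tmp/member.yaml" constructed-secret-A 1h
diagnose "$tmp/host.yaml" "$tmp/member.yaml"; rm -rf "$tmp"
```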