Unable to create admin user - Kubernetes Mender Deployment

Following the Mender documentation for a Kubernetes deployment…this step isn’t working for me. I enter the credentials and it just refreshes the login screen but never logs in. Is there a pod that I need to restart?

image

Create the Admin User
USERADM_POD=$(kubectl get pod -l ‘app.kubernetes.io/name=useradm’ -o name | head -1)
kubectl exec $USERADM_POD – useradm create-user --username “demo@mender.io” --password “demodemo”

Hello @stumarr, what Kubernetes distribution are you using? And from operating system are you creating the deployment from the documentation?
I’m assuming you installed Mender 3.4, am I right?

Thanks

Ubuntu 22.04
k3s version v1.24.6+k3s1 (a8e0c66d)
go version go1.18.6
mender 3.4.0

Hi @stumarr,

Thanks for getting in touch! We have confirmed the problem and are tracking it at [MEN-5977] Can't login to Mender when installing 3.4.0 from helm chart - Northern.tech AS.

Greetz,
Josef

Hi Josef,

Any update on this?

Thanks,

stu

Hello @stumarr

thank you for using Mender.
could you please verify, that you are accessing the Mender Web UI via https://your-server-url ? (as opposed to http://your-server-url)

best regards,
peter

That was it. How come both http and https resolve?
Thank you,

stu

great to hear you got it working.
I think you can control what ports are open in the values of the helm chart, or otherwise with any ingress you use for the k8s. I am not familiar with your setup, but there are several ways of doing it, depending on what you prefer.

best regards,
peter

This is just a test environment at the moment, but when we deploy our production environment we will be using k3s if we deploy it on-prem (or in the cloud).
Thank you for the guidance and I’ll keep you posted on any other issues we encounter.

stu

Hi Peter,

It turns out that this is still an issue. It was working sporadically, but now I can’t login no matter what I do. I’ve rebuilt the server. Used different MENDER_SERVER_DOMAINs, still the same issue. I login with the credentials I’ve created and it just bounces me back to the login screen.

Thanks,

stu

Hey stu,

we need to do two things:

  1. get the complete logs from useradm pod, from the restart to the moment you see a failed login

  2. verify that the keys in the pod can be read.

as for 1: could you gather the logs for me?
number 2 needs one more action: we need a busy box executable in the pod. could you run something in those lines:

docker cp `docker run -d --entrypoint=busybox busybox sleep 255`:/bin/busybox /tmp/
kubectl cp /tmp/busybox $USERADM_POD:/tmp/
kubectl exec $USERADM_POD – /tmp/busybox ls -alR /etc/useradm
kubectl exec $USERADM_POD – /tmp/busybox cat /etc/useradm/rsa/private.pem

and send me the output removing the actual contents of the private.pem file?

best regards,
peter