We have a downstream cluster (rke2) managed by Rancher (v.2.8.4).
This cluster has been configured to use the Authorized Cluster Endpoint (ACE) to allow direct access to this cluster.
So now, we can provide our customers with a kubeconfig that points directly to the downstream cluster.
As we have deployed an application on it that has its own authentication and authorization mechanisms (SSO with Keycloak), we would like to completely bypass the Rancher authentication and RBAC. Is it possible?
At the moment, the authentication with the application seems to be working fine,
but we get the following error message when we try to do anything with the cluster:
INFO[0017] Logged in successfully
WARN[0017] the server has asked for the client to provide credentialsFail to get kube client
WARN[0017] the server has asked for the client to provide credentials
kubectl get pods
E0619 10:52:03.483860 77001 memcache.go:265] couldn't get current server API group list: the server has asked for the client to provide credentials
E0619 10:52:03.489322 77001 memcache.go:265] couldn't get current server API group list: the server has asked for the client to provide credentials
E0619 10:52:03.493731 77001 memcache.go:265] couldn't get current server API group list: the server has asked for the client to provide credentials
E0619 10:52:03.498103 77001 memcache.go:265] couldn't get current server API group list: the server has asked for the client to provide credentials
E0619 10:52:03.502516 77001 memcache.go:265] couldn't get current server API group list: the server has asked for the client to provide credentials
error: You must be logged in to the server (the server has asked for the client to provide credentials)