Rancher CLI login, can't login w/ API key scoped to 1 cluster

spirilis · July 19, 2019, 8:27pm

So if I make an API key that has no scope, I can login, but making an API key scoped to a single cluster doesn’t work:

$ rancher login --token token-8cd4z:tr78ztgxb88jm8q2m7djf875dsdqqrv42qn8ptxh26qdf8fsvqqtwf https://ranchermgt-dev.blahblah.com/
FATA[0000] Bad response statusCode [401]. Status [401 Unauthorized]. Body: [message=clusterID does not match] from [https://ranchermgt-dev.blahblah.com/v3]

I’ve attempted providing --context during login as well, with the cluster:project style syntax:

$ rancher login --context c-hz88w:p-xmvb4 --token token-8cd4z:tr78ztgxb88jm8q2m7djf875dsdqqrv42qn8ptxh26qdf8fsvqqtwf https://ranchermgt-dev.blahblah.com/
FATA[0000] Bad response statusCode [401]. Status [401 Unauthorized]. Body: [message=clusterID does not match] from [https://ranchermgt-dev.blahblah.com/v3]

What gives? How can I provide API tokens that have narrow access to a specific cluster?

Topic		Replies	Views
connect api rancher by CLI Rancher	4	411	December 15, 2021
Rancher CLI with Keycloack AuthProvider	0	541	March 14, 2023
Rancher 2.1: accessing kubernates API with service accounts of kubernates Rancher	2	1553	November 6, 2018
Unable to login to cluster using azureADProvider Rancher	2	33	September 18, 2024
Rancher-cli login 2 clusters automatic Rancher	2	1029	February 4, 2019

Rancher CLI login, can't login w/ API key scoped to 1 cluster

Related Topics