kubernetesistioamazon-ekskiali

Changing secrets of kiali in istio is not working


I have deployed istio in my eks cluster with demo profile. demo has kiali deployment with it. The access secret for kiali dashboard is ( username:admin,password:admin ).I was able to access my dashboard with this credentials. Then I created my own secrets.

$ echo shajaltest | base64
$ c2hhamFsdGVzdAo=

Deleted the secrets for kiali.

$ kubectl delete secrets kiali -n istio-system

Deployed the secrets again with this yaml

apiVersion: v1
kind: Secret
metadata:
  name: kiali
  namespace: istio-system
  labels:
    app: kiali
type: Opaque
data:
  username: c2hhamFsdGVzdAo=
  passphrase: c2hhamFsdGVzdAo=

After all of that I deleted the pod of kiali. After that I can not access my dashboard with this username and password. What should I do ?

I also checked the secrets of kiali. It has updated with recent secret value.

Here is the log of kiali pod.

I0408 18:30:30.194890       1 kiali.go:66] Kiali: Version: v1.15.1, Commit: 
3263b7692bcc06ad40292bedea5a9213e04aa9db
I0408 18:30:30.195179       1 kiali.go:205] Using authentication strategy [login]
I0408 18:30:30.195205       1 kiali.go:87] Kiali: Console version: 1.15.0
I0408 18:30:30.195212       1 kiali.go:286] Updating base URL in index.html with [/kiali]
I0408 18:30:30.195376       1 kiali.go:267] Generating env.js from config
I0408 18:30:30.197274       1 server.go:57] Server endpoint will start at [:20001/kiali]
I0408 18:30:30.197285       1 server.go:58] Server endpoint will serve static content from [/opt/kiali/console]
I0408 18:30:30.197297       1 metrics_server.go:18] Starting Metrics Server on [:9090]
I0408 18:30:30.197367       1 kiali.go:137] Secret is now available.

Solution

  • Have you tried to follow the istio documentation about changing the credentials in kiali?


    I made a reproduction of your issue with below steps and everything worked just fine.

    Enter a Kiali username when prompted:

    KIALI_USERNAME=$(read -p 'Kiali Username: ' uval && echo -n $uval | base64)
    

    Enter a Kiali passphrase when prompted:

    KIALI_PASSPHRASE=$(read -sp 'Kiali Passphrase: ' pval && echo -n $pval | base64)
    

    To create a secret, run the following commands:

    NAMESPACE=istio-system
    

    cat <<EOF | kubectl apply -f -
    apiVersion: v1
    kind: Secret
    metadata:
      name: kiali
      namespace: $NAMESPACE
      labels:
        app: kiali
    type: Opaque
    data:
      username: $KIALI_USERNAME
      passphrase: $KIALI_PASSPHRASE
    EOF
    

    And simply recreate the kiali pod with

    kubectl delete pod <name_of_the_kiali_pod> -n istio-system
    

    EDIT

    As @Shajal Ahamed mentioned in comments the problem was absence of -n, if you want to use just echo, then use.

    echo -n username | base64
    echo -n passphrase | base64