Rancher CLI login error - Status [401 Unauthorized]. Body: [message=clusterID does not match]

Question

I am getting this error while trying to login to the rancher CLI using the bearer token. The command I use is this:

./rancher login https://<SERVER_URL> --token <BEARER_TOKEN>

I am creating the token using the Add Key button on the rancher UI and scoping the generated tokens to the cluster I want to manage.

This is the complete error message:

FATA[0002] Bad response statusCode [401]. Status [401 Unauthorized]. Body: [message=clusterID does not match]

Any ideas? Thanks...

score 31 · Accepted Answer · answered Jan 20 '20 at 06:37

I think I found the solution. While creating the token you should not select any cluster scope.

I found it.

It will not work if a scope is selected when adding an API Key.

--

Cluster-scoped token's primary intended use is for communicating with the kubernetes API for a specific cluster. It also works for Rancher api calls that fall under the cluster endopint. This means a token scoped to cluster c-1234 will work for everything under /v3/clusters/c-1234. The problem is that the cli currently makes calls that are outside of that scope endpoint (directly under /v3).

ref: https://github.com/rancher/rancher/issues/18639

I also found that I had to download the CLI utility directly from the GUI. The version from brew package manager doesn't work. — jersey bean, Aug 21 '22 at 08:33

Rancher CLI login error - Status [401 Unauthorized]. Body: [message=clusterID does not match]

1 Answers1