Rancher CLI login error - Status [401 Unauthorized]. Body: [message=clusterID does not match]

Question

I am getting this error while trying to login to the rancher CLI using the bearer token. The command I use is this:

./rancher login https://<SERVER_URL> --token <BEARER_TOKEN>

I am creating the token using the Add Key button on the rancher UI and scoping the generated tokens to the cluster I want to manage.

This is the complete error message:

FATA[0002] Bad response statusCode [401]. Status [401 Unauthorized]. Body: [message=clusterID does not match]

Any ideas? Thanks...

Answer 1

I think I found the solution. While creating the token you should not select any cluster scope.

I found it.

It will not work if a scope is selected when adding an API Key.

--

Cluster-scoped token's primary intended use is for communicating with the kubernetes API for a specific cluster. It also works for Rancher api calls that fall under the cluster endopint. This means a token scoped to cluster c-1234 will work for everything under /v3/clusters/c-1234. The problem is that the cli currently makes calls that are outside of that scope endpoint (directly under /v3).

ref: https://github.com/rancher/rancher/issues/18639