Kubernetes cluster authentication failure

`kubectl` could not authenticate with the Kubernetes API server.

kubectl-auth · high confidence · auth · kubernetes

Matched signals

  • error: you must be logged in
  • You must be logged in to the server
  • unable to connect to the server
  • no configuration has been provided
  • error loading config file
  • context not found
  • kubectl cluster-info


What this failure means

kubectl could not authenticate with the Kubernetes API server. This prevents cluster operations such as apply, rollout, or get.

Symptoms

Faultline looks for one or more of these log fragments:

error: you must be logged in
You must be logged in to the server
unable to connect to the server
no configuration has been provided
error loading config file
context not found
kubectl cluster-info

Diagnosis

kubectl could not authenticate with the Kubernetes API server. This prevents cluster operations such as apply, rollout, or get.

Fix steps

  1. Decode and export the kubeconfig from the CI secret: `echo "$KUBECONFIG_B64" | base64 -d > ~/.kube/config && chmod 600 ~/.kube/config`
  2. Verify the active context and cluster endpoint with `kubectl config current-context && kubectl config view --minify`.
  3. Test connectivity before deploy steps with `kubectl cluster-info`.
  4. For expired certificate credentials, regenerate the kubeconfig from the cloud provider CLI.
  5. For service account token auth, confirm the token is still valid and attached to the job context you expect.
  6. For RBAC errors immediately after auth succeeds, switch to the `k8s-rbac-forbidden` diagnosis instead.

Validation

  • `kubectl cluster-info` succeeds.
  • `kubectl auth whoami` or an equivalent access check confirms the expected identity.
  • `kubectl get pods -n <namespace> --request-timeout=10s` returns successfully.

Why it matters

The kubeconfig file may be missing, point to an expired credential, or reference a cluster that the CI environment cannot reach. Authentication failures stop the deployment before manifest correctness even matters.

Prevention

  • Rotate kubeconfig credentials on a fixed schedule.
  • Prefer OIDC or short-lived token authentication over long-lived kubeconfig certificates.
  • Test cluster connectivity in a dedicated pre-flight step before running deployment jobs.
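
The dedicated pre-flight step recommended above, covering fix steps 1 to 4 and the validation checks, written as POSIX shell functions. This is an added example, not Faultline's or the playbook's own code; `KUBECONFIG_B64` is the secret name from fix step 1, while the function names and the `EXPECT_CONTEXT` variable are assumptions introduced here.

```shell
#!/bin/sh
# Added example, not Faultline's own code. KUBECONFIG_B64 is the secret from fix step 1;
# the function names and EXPECT_CONTEXT are hypothetical names introduced here.

# Decode the secret to $1. The body runs in a subshell, so umask 077 stays local and
# the file is created 0600 from the first byte rather than chmod-ed afterwards.
write_kubeconfig() (
  [ -n "${KUBECONFIG_B64:-}" ] || { echo "preflight: KUBECONFIG_B64 is empty" >&2; exit 2; }
  umask 077
  mkdir -p "$(dirname "$1")" || exit 4
  # Decode to a temp file so a failed decode never replaces a working config.
  if ! printf '%s' "$KUBECONFIG_B64" | base64 -d > "$1.tmp" || [ ! -s "$1.tmp" ]; then
    rm -f "$1.tmp"
    echo "preflight: KUBECONFIG_B64 is not valid base64" >&2
    exit 3
  fi
  mv -f "$1.tmp" "$1"
)

# Fix step 4: succeed (0) when the context's embedded client certificate is expired or
# unparseable; fail (1) when it is valid or the user has no embedded certificate.
client_cert_expired() (
  pem=$(kubectl --kubeconfig "$1" config view --raw --minify \
    -o jsonpath='{.users[0].user.client-certificate-data}' 2>/dev/null | base64 -d 2>/dev/null)
  [ -n "$pem" ] || exit 1
  ! printf '%s\n' "$pem" | openssl x509 -noout -checkend 0 >/dev/null 2>&1
)

# Fix steps 2-3 and the validation checks, stopping at the first failure with a cause.
preflight() (
  ctx=$(kubectl --kubeconfig "$1" config current-context 2>/dev/null) ||
    { echo "preflight: kubeconfig has no current-context" >&2; exit 10; }
  [ -z "${EXPECT_CONTEXT:-}" ] || [ "$ctx" = "$EXPECT_CONTEXT" ] ||
    { echo "preflight: context '$ctx' is not the expected '$EXPECT_CONTEXT'" >&2; exit 11; }
  if client_cert_expired "$1"; then
    echo "preflight: client certificate for '$ctx' has expired; regenerate it" >&2; exit 12
  fi
  kubectl --kubeconfig "$1" cluster-info --request-timeout=10s >/dev/null 2>&1 ||
    { echo "preflight: cannot reach or authenticate to the API server" >&2; exit 13; }
  kubectl --kubeconfig "$1" auth whoami >&2 ||
    { echo "preflight: API server rejected the credential" >&2; exit 14; }
  echo "preflight: ok context=$ctx"
)

# Usage in a CI job (not run here):
#   write_kubeconfig "$HOME/.kube/config" && preflight "$HOME/.kube/config"
```

Distinct exit codes let the job log say which check failed before any deploy step runs, and pinning `EXPECT_CONTEXT` stops a job from proceeding against a cluster other than the intended one.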

Try it locally

kubectl cluster-info
kubectl config current-context

How Faultline detects it

Use `faultline explain kubectl-auth` to see the full playbook.

faultline analyze build.log
faultline explain kubectl-auth

Generated from playbooks/bundled/log/auth/kubectl-auth.yaml. Do not edit directly.
