I am running Grafana server in container. The login page ask for uid/pwd, entered admin/admin. Next step, I change the uid and password, it says API Key Invalid. It does not let me skip as well. How to fix this issue.
Thanks,
1 Like
How are you running it? And what version
Thanks! It’s 11.x. Running through helm chart.
To fix the issue, you can reset the Grafana admin password by accessing the Grafana container. Once inside, you can reset the admin password to a new one. Afterward, restart the Grafana container to apply the changes. This should allow you to log in using the updated password without encountering the “API Key Invalid” error.
Thanks! I changed grafana.ini to default settings excepts a minor changes and I am able to skip uid/password changes and able to get Grafana dashboard. However, I do see the following error:
logger=authn.service t=2025-01-07T12:47:25.179066007Z level=info msg=“Failed to authenticate request” client=auth.client.api-key error=“[api-key.invalid] API key is invalid”
Little more inputs:
I am using helm chart to run the app. The app does OAuth and after validation get redirected to Grafana custom login page. The first place for redirect would be a virtual service. Details below:
{{- if .Values.virtualservice.enabled }}
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
labels:
app.kubernetes.io/instance: {{ .Values.virtualservice.name }}
name: {{ .Values.virtualservice.name }}
namespace: {{ .Values.virtualservice.namespace }}
spec:
gateways:
- istio-system/main
hosts: - {{ .Values.virtualservice.host }}
http: - match:
- uri:
prefix: /oauth2
route: - destination:
host: oauth2-proxy-oauth2-proxy.oauth2-proxy.svc.cluster.local
port:
number: 80
- uri:
- match:
- uri:
prefix: “/{{ .Values.virtualservice.name }}”
route: - destination:
host: “{{ .Values.virtualservice.name }}.{{ .Values.virtualservice.namespace }}.svc.cluster.local”
port:
number: {{ .Values.service.port }}
- uri:
{{- end }}
The app is deployed in ArgoCD environment. Do not have bash access to the server. I am guessing it’s Istio that causing issue. Not sure how to fix this issue. I am not making any Rest API call in our app. What API is it looking for? Where does it make a call with asking API key? Gitlab/GitHub/Grafana.com/Grafana.net?
So confused. Can’t figure out the real cause for a fix. Please help. Totally stuck up on time sensitive task.
Thanks!
Best,
1 Like
Your authorization proxy sends requests to Grafana with Authorization header, which doesn’t make sense for Grafana. Disable that header in your authorization proxy/deployment.
Thanks!
I made the following changes in grafana.ini and still the logs shows API key invalid:
[auth.proxy]
;enabled = true
;header_name = X-WEBAUTH-USER
;header_property = username
;auto_sign_up = false
;sync_ttl = 16
;whitelist =
headers =
enable_login_token = false
headers_encoded = false
Please help me more on this issue.
Thanks!
Problem is your authorization proxy configuration (all those tools behind VirtualService) configuration. Not Grafana configuration.
Thanks! We are able to detect this error. We have NGINX proxy ahead of Grafana. Can we set the headers over here. This is in our control. We do not have control on Oauth proxy. Thanks!
Dockerfile:
ARG GRAFANA_VERSION=“11.1.0”
FROM grafana/grafana:${GRAFANA_VERSION}
…
…
Grafana Provisoning
…
RUN apk update && apk add nginx
ENV orgId=1
ENV uname=grafana
USER 472
CMD [“grafana-server”, “–homepath=/usr/share/grafana”, “–config=/etc/grafana/grafana.ini”, “cfg:default.paths.logs=/var/log/grafana”, “cfg:default.paths.data=/var/lib/grafana”, “cfg:default.paths.plugins=/var/lib/grafana/plugins”]