Closed yuvalavra closed 1 year ago
Thanks @YuvalAvra for the suggestion and the elaboration, I think it's a good idea.
We will have a look on that and update accordingly.
Hi @yuvalavra we added a small fix for that issue that will now print the errors with details. It should be generic for any errors, we were able to verify it on 401 and 403.
Kubelets that enforce authorization have known responses for permission errors. For example, if a request is authenticated but isn't authorized, the Kubelet will respond with:
Forbidden (user=%s, verb=%s, resource=%s, subresource=%s)
kubeletctl
currently prints a generic error message for permission errors, so it can be hard to understand what's causing the error:The actual error can be seen using
--raw
, but if you're not usingkubeletctl
regularly it's easy to forget about that. It would be awesome ifkubeletctl
could check whether a response is a known permission error, and if so print the full error by default.Kubelet responses for permission errors
Unauthorized
Forbidden (user=%s, verb=%s, resource=%s, subresource=%s)
Authorization error (user=%s, verb=%s, resource=%s, subresource=%s)