garethr / garethr-kubernetes

Puppet types and provider for managing Pods, ReplicationControllers, Services and more in Kubernetes
http://garethr.github.io/garethr-kubernetes
Apache License 2.0

How to debug 403 forbidden errors? #35

Closed rolandkool closed 6 years ago

rolandkool commented 6 years ago

Hi,

Trying out the kubernetes puppet resources in a local 'puppet apply' setup. Followed the steps in the documentation to set up the kubernetes.conf. When I try to do a puppet resource kubernetes_service I'm receiving:

Error: Could not run: Puppet detected a problem with the information returned from the service when accessing kubernetes_service. The specific error was: 403 Forbidden .rvm/gems/ruby-2.1.1/gems/kubeclient-2.4.0/lib/kubeclient/common.rb:117:in `rescue in handle_exception'

Tried with newer 2.5.1 kubeclient as well, same result. kubectl get services works fine. puppet apply and kubectl commands are both run as the same non-root user.

This is on kubernetes 1.7.6 on GCP (container engine). Any idea how to troubleshoot further?

Thanks for any help

Regards,

Roland

wmuizelaar commented 6 years ago

I had the 403 error as well, but in my case the credentials I used for kubernetes didn't work sufficiently.

It would be nice though if the exact content of the 403 error message would be displayed, something like:

Error from server (Forbidden): User "system:serviceaccount:r2d2:kubernetes-manager" cannot get secrets in the namespace "r2d2".: "Unknown user \"system:serviceaccount:r2d2:kubernetes-manager\"" (get secrets kubernetes-manager)
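One way to surface the detail asked for in the comment above, as an added example that is not part of the thread and not code from garethr-kubernetes or kubeclient: it parses the JSON `Status` body the Kubernetes API sends with a 403 and extracts who was denied which verb on which resource. The helper names and the sample body are constructed for illustration, and it assumes the caller already has the HTTP status and raw response body.

```ruby
require 'json'

# Constructed sample: a Kubernetes API "Status" body for a 403, reusing the
# message quoted in the comment above. Not captured from a real cluster.
SAMPLE_BODY = JSON.generate(
  'kind' => 'Status', 'apiVersion' => 'v1', 'status' => 'Failure',
  'message' => 'User "system:serviceaccount:r2d2:kubernetes-manager" ' \
               'cannot get secrets in the namespace "r2d2".',
  'reason' => 'Forbidden', 'code' => 403
)

# Matches the denial sentence in the form shown in the message above.
DENIAL = /User "(?<user>[^"]+)" cannot (?<verb>\S+) (?<resource>\S+) in the namespace "(?<namespace>[^"]+)"/

# Hypothetical helper: turn an HTTP status and raw body into a diagnostic hash.
def explain_forbidden(http_code, body)
  status = begin
    JSON.parse(body.to_s)
  rescue JSON::ParserError
    nil
  end
  # A proxy in front of the API may answer with plain text instead of a Status.
  unless status.is_a?(Hash) && status['kind'] == 'Status'
    return { code: http_code, message: body.to_s.strip, parsed: false }
  end

  info = { code: status['code'] || http_code, reason: status['reason'],
           message: status['message'], parsed: true }
  if (m = DENIAL.match(status['message'].to_s))
    info.merge!(user: m[:user], verb: m[:verb],
                resource: m[:resource], namespace: m[:namespace])
  end
  info
end

# Hypothetical helper: render the hash as the message an operator would read.
def format_forbidden(info)
  line = "#{info[:code]} #{info[:reason] || 'error'}: #{info[:message]}"
  return line unless info[:user]

  "#{line}\n  denied: subject=#{info[:user]} verb=#{info[:verb]} " \
    "resource=#{info[:resource]} namespace=#{info[:namespace]}"
end

puts format_forbidden(explain_forbidden(403, SAMPLE_BODY)) if $PROGRAM_NAME == __FILE__
```

The subject, verb, resource and namespace it prints are the values to compare against the permissions granted to the credentials in kubernetes.conf.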

rolandkool commented 6 years ago

Raised issue with kubeclient: https://github.com/abonas/kubeclient/issues/276