Open programmerq opened 2 years ago
After some investigation it looks like root case is that k8s api kube-rs
used by kube-view-allocations
plugin doesn't support tls-server-name
in the kubeconfig, so it doesn't provide correct server name in SNI for TLS routing. I've opened and issue on kube-rs
: https://github.com/kube-rs/kube-rs/issues/991
Very similar sort of issue to these two:
When running the kubectl-view-allocations plugin, it reports an error when accessing a cluster via teleport.
It seems to support exec credentials since my
aws-iam-authenticator
exec credential for my EKS cluster functions with the plugin. It's only when I attempt to use it through kube access that it outputs an error:Bug details:
tsh kube login
for a cluster you have full access on. Runkubectl-view_allocations
with no arguments.The kubernetes_service instance in debug mode when the failing request is made:
(no mention of a 404, just a successful listing of services)
Here's the raw http response for the successful service listing (intercepted and extracted from the communication between the kubernetes_service and the actual kubernetes api):
teleport proxy node debug logs that appear during the
kubectl-view_allocations
invocation:gz#6085