Open jinnovation opened 2 months ago
Might be able to use SelfSubjectAccessReview
to check if user has permission to query readyz and livez. Specifically, .spec.nonResourceAttributes
.
Turns out this can be due to the user not being logged into the server. Example output from kubectl auth can-i
:
> kubectl auth can-i get /authz
error: You must be logged in to the server (Unauthorized)
Not all users have permission to query
/readyz
or/livez
; attempting to do so returns an error.Currently, attempting to create a proxy server via kele.el in such scenarios simply retries over and over again (
ready-p
drops the error) until it eventually fails.Two things need to happen (not necessarily all in this ticket):
ready-p
needs to detect no-auth scenario and fail immediatelyproxy-get
needs a different wait mechanism if user does not have the right auth.