Open kenden opened 7 years ago
@kenden Could this be related to https://github.com/mkokho/kubemrr/issues/6?
@marianogappa That looks similar. My cluster is not on Azure, but I don't think it matters.
I have kinda the same error, the cluster is on Amazon EKS. Is it possible to get this working on EKS?
Amazon EKS uses aws-iam-authenticator for auth in the cluster.
I am really interested in getting kubemrr working. This could really speedup my daily work
Does kubemrr get its data via kubectl or is it API called to the server ? @mkokho
Does kubemrr get its data via kubectl or is it API called to the server ? @mkokho
API: https://github.com/mkokho/kubemrr/blob/master/app/kube_client.go#L76
I get the same error on macOS for a clusters on Amazon EKS and GKE. It seems, the tool doesn't correctly recognise the API server CA certificate that is embedded in the kubeconfig file.
If in the kubeconfig file, I replace the certificate-authority-data: <DATA>
field with insecure-skip-tls-verify: true
, then the error is gone and the connection succeeds.
But then, there is an authorisation error:
Error: failed to ping server: unexpected status for GET https://34.73.33.83/: 403 Forbidden {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"forbidden: User \"system:anonymous\" cannot get path \"/\"","reason":"Forbidden","details":{},"code":403}
It seems the tool is using the system:anonymous
user, and if your cluster uses RBAC, this user doesn't have permission to access most resources.
If I temporarily give full permissions to the system:anonymous
user, the kubemrr watch
command works, but completion for the individual resources (pods, services, etc.) doesn't work. It just displays the files in the current directory.
When running
kubemerr wath test
orkubemerr watch https://kube-test.myserver.net
I get:
Error: failed to ping server: Get https://kube-test.myserver.net/: x509: certificate signed by unknown authority
I am using
insecure-skip-tls-verify: true
in the kubeconfig file.Steps taken:
Versions: