Open nniikkoollaaii opened 5 years ago
Hi @nniikkoollaaii, It looks like an issue with the cluster's configuration or a connection configuration. Have you tried to connect to the cluster using kubectl with the same config? Most likely it's not a Kube Forwarder's issue, but if kubectl works, we will investigate it further.
Hi @proAlexandr ,
the command
kubectl get pods --kubeconfig .\my-kubeconfig
works.
So I don't think there is a problem with my connection configuration.
Further investigation would be nice. Thanks!
I'm having a similar problem with oidc auth-provider. I am able to connect via kubectl but not through kube-forwarder.
I'm experiencing a similar problem with OIDC. Commands like kubectl --context=dev port-forward foobar
work fine, but Kube Forwarder displays "Unauthorized" when connecting:
+1 on what @merktassel said, I cannot get Kube Forwarder to work with an OIDC authenticator either, it fails with an Unauthorized
error. All kubectl
commands (e.g. kubectl get ns
) work fine, though it should be noted that myuser
has restricted rights (is only admin of some namespaces, but cannot manage the cluster itself).
Are there any logs I could inspect?
~/.kube/config
apiVersion: v1
clusters:
- cluster:
certificate-authority: [redacted]
server: [redacted]
name: mycluster
contexts:
- context:
cluster: mycluster
user: myuser
name: mycontext
current-context: mycontext
kind: Config
preferences: {}
users:
- name: myuser
user:
auth-provider:
config:
client-id: [redacted]
client-secret: [redacted]
id-token: [redacted]
idp-issuer-url: [redacted]
refresh-token: [redacted]
name: oidc
Hi,
Any news on this, we are facing the same issue. when clicking on add new cluster we got an error , failed to connect , do you want continue saving ?
we are able to run port-forward via the terminal.
Any idea? any workaround ?
Thanks Ben
same issue here with OIDC authenticator enabled cluster
There have been some changes to the @kubernetes/client-node
package that fix this error. I'm able reproduce a very similar error if I run this sample code using 0.10.2
in separate project:
const k8s = require('@kubernetes/client-node');
const kc = new k8s.KubeConfig();
kc.loadFromDefault();
kc.setCurrentContext('<insert a context relevant to your environment>');
const k8sApi = kc.makeApiClient(k8s.CoreV1Api);
k8sApi.listNamespacedPod('default').then((res) => {
console.log(res.body);
}).catch(err => {
console.log(err.response.body);
});
will produce this response from the API
{
kind: 'Status',
apiVersion: 'v1',
metadata: {},
status: 'Failure',
message: 'pods is forbidden: User "system:anonymous" cannot list resource "pods" in API group "" in the namespace "default"',
reason: 'Forbidden',
details: { kind: 'pods' },
code: 403
}
After updating the package I no longer get that error.
There is already a PR (#88) that includes an update to that package, which should fix this bug as well.
Hello,
I selected my kubeconfig file and kube-forwarder shows the following error message:
"nodes is forbidden: User "system:anonymous" cannot list nodes at the cluster scope"
my kubeconfig file is:
Auth backend is Dex. Kube-Forwarder Version 1.4.2 on Windows
Is there a problem using Kubernetes OIDC Auth?
Thanks for any help!