list_pod_for_all_namespaces throws Unauthorized #165

Closed
RuiLoureiro opened this issue Nov 11, 2021 · 4 comments

@RuiLoureiro

I'm trying to list the pods in a kubernetes cluster that I'm connected to using a VPN.
Running kubectl get pods --all-namespaces works fine.

Calling list_pod_for_all_namespaces with the synchronous library (kubernetes) also works:

```python
from kubernetes import client, config
config.load_kube_config()

v1 = client.CoreV1Api()
print("Listing pods with their IPs:")
ret = v1.list_pod_for_all_namespaces(watch=False)
for i in ret.items:
    print("%s\t%s\t%s" % (i.status.pod_ip, i.metadata.namespace, i.metadata.name))
```

When using kubernetes_asyncio, I get the following error:

```python
from kubernetes_asyncio import client, config
await config.load_kube_config()

v1 = client.CoreV1Api()
print("Listing pods with their IPs:")
ret = await v1.list_pod_for_all_namespaces(watch=False)
for i in ret.items:
    print("%s\t%s\t%s" % (i.status.pod_ip, i.metadata.namespace, i.metadata.name))
```

```
Reason: Unauthorized
HTTP response headers: <CIMultiDictProxy('Audit-Id': '...', 'Cache-Control': 'no-cache, private', 'Content-Type': 'application/json', 'Date': 'Thu, 11 Nov 2021 14:26:09 GMT', 'Content-Length': '129')>
HTTP response body: {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"Unauthorized","reason":"Unauthorized","code":401}
```

Thank you

@tomplus
Owner

tomplus commented Nov 12, 2021

Thanks for reporting the issue.

Is it a self-hosted cluster or hosted by a cloud provider? Could you show your kubeconfig, masking some sensitive data (certs, IPs etc.)?

@RuiLoureiro
Author

It's provided by Azure.
Here's my kubeconfig:

```yaml
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: ...
    server: ...
  name: aks-foo
contexts:
- context:
    cluster: aks-foo
    namespace: foo
    user: clusterUser_rg-foo_aks-foo
  name: aks-foo
current-context: aks-foo
kind: Config
preferences: {}
users:
- name: clusterUser_rg-foo_aks-foo
  user:
    auth-provider:
      config:
        access-token: ...
        apiserver-id: ...
        client-id: ..
        config-mode: "1"
        environment: AzurePublicCloud
        expires-in: "4019"
        expires-on: "1636715674"
        refresh-token: ...
        tenant-id: ...
      name: azure
```

@tomplus
Owner

tomplus commented Nov 12, 2021

Sorry, authentication to Azure AKS is not supported yet, #31

@RuiLoureiro
Author

Ah, I see. Sorry, I missed that issue.
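
A pre-flight check for the situation in this thread, as an added example that is not part of the original issue or of the kubernetes_asyncio project: given a kubeconfig already parsed into a dict, it reports which credential mechanism the current context uses and whether a cached `auth-provider` token is past its `expires-on` time, and it produces a masked copy that can be posted in an issue. The function names, the `SENSITIVE_KEYS` set and the default `unsupported={"azure"}` (taken from the maintainer's reply above) are assumptions.

```python
import time

# Keys whose values are credentials or identify the cluster/tenant; masked before sharing.
SENSITIVE_KEYS = {
    "certificate-authority-data", "client-certificate-data", "client-key-data",
    "token", "password", "access-token", "refresh-token", "id-token",
    "server", "apiserver-id", "client-id", "tenant-id",
}

def redact(node):
    """Return a copy of a parsed kubeconfig with sensitive values replaced by '...'."""
    if isinstance(node, dict):
        return {k: "..." if k in SENSITIVE_KEYS else redact(v) for k, v in node.items()}
    if isinstance(node, list):
        return [redact(v) for v in node]
    return node

def auth_summary(cfg, unsupported=frozenset({"azure"}), now=None):
    """Report how the current context authenticates, without returning any secret."""
    now = time.time() if now is None else now
    ctx = next(c["context"] for c in cfg["contexts"] if c["name"] == cfg["current-context"])
    user = next(u["user"] for u in cfg["users"] if u["name"] == ctx["user"])
    out = {"user": ctx["user"], "token_expired": None, "unsupported_provider": False}
    provider = user.get("auth-provider")
    if provider:
        out["method"] = "auth-provider:" + provider["name"]
        out["unsupported_provider"] = provider["name"] in unsupported
        expires_on = (provider.get("config") or {}).get("expires-on")
        if expires_on is not None:  # Unix seconds, stored as a string
            out["token_expired"] = int(expires_on) <= now
    else:  # first credential field present decides the reported method
        kinds = (("exec", "exec"), ("token", "token"), ("tokenFile", "token"),
                 ("client-certificate-data", "client-certificate"), ("client-certificate", "client-certificate"))
        out["method"] = next((name for key, name in kinds if key in user), "none")
    return out

# Constructed sample with the same shape as the kubeconfig in this thread (placeholder secrets).
SAMPLE = {
    "current-context": "aks-foo",
    "contexts": [{"name": "aks-foo", "context": {"cluster": "aks-foo", "user": "clusterUser_rg-foo_aks-foo"}}],
    "users": [{"name": "clusterUser_rg-foo_aks-foo", "user": {"auth-provider": {"name": "azure", "config": {
        "access-token": "PLACEHOLDER", "refresh-token": "PLACEHOLDER",
        "environment": "AzurePublicCloud", "expires-on": "1636715674"}}}}],
}

if __name__ == "__main__":
    print(auth_summary(SAMPLE, now=1636720000))
    print(redact(SAMPLE)["users"][0]["user"])
```

The masking covers only the listed keys; values such as `exec` arguments or environment variables still need a manual look before a kubeconfig is shared.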
