I am working with openshift 3.9 and try to list all Pods in my Namespace with fabirc8 Kubernetes-client ( https://github.com/fabric8io/kubernetes-client ). I am using Java8 and the openshift client in version
<dependency>
<groupId>io.fabric8</groupId>
<artifactId>openshift-client</artifactId>
<version>4.1.0</version>
</dependency>
Inside the pod I am able to get a list of pod using bash
# using TLS connection with crt file defined
curl --cacert $CERT \
-H "Authorization: Bearer $TOKEN" \
https://$ENDPOINT/api/v1/namespaces/$NAMESPACE/pods
This means that my serviceaccount has the permission to list pods inside the namespace.
With java I was not able to authorize jet.
try (OpenShiftClient client = new DefaultOpenShiftClient()) {
System.out.println("Client opened is: " + client.getConfiguration().getOauthToken());
client.pods().list().getItems().stream().forEach(
p -> System.out.println("pod: " + p));
}
Even if I explicitly specify the client with a builderConfig the error is as followed:
Exception in thread "OkHttp Dispatcher" io.fabric8.kubernetes.client.KubernetesClientException: Unexpected response (401 Unauthorized), to the authorization request. Missing header:[Location]! at io.fabric8.openshift.client.internal.OpenShiftOAuthInterceptor.authorize(OpenShiftOAuthInterceptor.java:128) at io.fabric8.openshift.client.internal.OpenShiftOAuthInterceptor.intercept(OpenShiftOAuthInterceptor.java:63) at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92) at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67) at okhttp3.RealCall.getResponseWithInterceptorChain(RealCall.java:179) at okhttp3.RealCall$AsyncCall.execute(RealCall.java:129) at okhttp3.internal.NamedRunnable.run(NamedRunnable.java:32) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at java.lang.Thread.run(Thread.java:748)
The problem seems to be this class: https://github.com/fabric8io/kubernetes-client/blob/master/openshift-client/src/main/java/io/fabric8/openshift/client/internal/OpenShiftOAuthInterceptor.java
In line 132 the location of the token is not set, so the token can't be found. I am not able to solve this problem by myself. Maybe I have to set the Header Authorization: Bearer by myself.
Hope someone can help,
best wishes Joern