K
Q

Kubernetes Openshift Client Authentication

12/16/2018

I am working with openshift 3.9 and try to list all Pods in my Namespace with fabirc8 Kubernetes-client ( https://github.com/fabric8io/kubernetes-client ). I am using Java8 and the openshift client in version

 <dependency>
        <groupId>io.fabric8</groupId>
        <artifactId>openshift-client</artifactId>
        <version>4.1.0</version>
    </dependency>

Inside the pod I am able to get a list of pod using bash

# using TLS connection with crt file defined
curl --cacert $CERT \
  -H "Authorization: Bearer $TOKEN" \
   https://$ENDPOINT/api/v1/namespaces/$NAMESPACE/pods

This means that my serviceaccount has the permission to list pods inside the namespace.

With java I was not able to authorize jet.

 try (OpenShiftClient client = new DefaultOpenShiftClient()) {
        System.out.println("Client opened is: " + client.getConfiguration().getOauthToken());
        client.pods().list().getItems().stream().forEach(
                p -> System.out.println("pod: " + p));
    }

Even if I explicitly specify the client with a builderConfig the error is as followed:

Exception in thread "OkHttp Dispatcher" io.fabric8.kubernetes.client.KubernetesClientException: Unexpected response (401 Unauthorized), to the authorization request. Missing header:[Location]! at io.fabric8.openshift.client.internal.OpenShiftOAuthInterceptor.authorize(OpenShiftOAuthInterceptor.java:128) at io.fabric8.openshift.client.internal.OpenShiftOAuthInterceptor.intercept(OpenShiftOAuthInterceptor.java:63) at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92) at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67) at okhttp3.RealCall.getResponseWithInterceptorChain(RealCall.java:179) at okhttp3.RealCall$AsyncCall.execute(RealCall.java:129) at okhttp3.internal.NamedRunnable.run(NamedRunnable.java:32) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at java.lang.Thread.run(Thread.java:748)

The problem seems to be this class: https://github.com/fabric8io/kubernetes-client/blob/master/openshift-client/src/main/java/io/fabric8/openshift/client/internal/OpenShiftOAuthInterceptor.java

In line 132 the location of the token is not set, so the token can't be found. I am not able to solve this problem by myself. Maybe I have to set the Header Authorization: Bearer by myself.

Hope someone can help,

best wishes Joern

-- soa
fabric8
java
kubernetes
openshift

Similar Questions

Can not build project because of using placeholders in application properties
How to handle the concurrence of file uploads in my kubernetes cluster?
concurrency problem with dropwizard framework and hibernate
Kubernetes not starting in docker for Mac
Kubernetes - Get Node Label from Container
Airflow too many DNS lookups for database

0 Answers