Unable to use-context from kubeconfig file

4/22/2020

I'm trying to add a new cluster and its context in the kubeconfig file using username and password, but it's failing. Below are the commands I'm using to set the context.

kubectl config set-cluster lab101 --server=https://api-kube.example.com:8443 --insecure-skip-tls-verify --context=lab101
kubectl config set-credentials kubeadmin --username=kubeadmin --password=xxxxxxx --cluster=lab101
kubectl config set-context lab101 --cluster=lab101 --namespace=default --user=kubeadmin
kubectl config use-context lab101

Logs:

GET https://api-kube.example.com:8443/api?timeout=32s 403 Forbidden in 19 milliseconds
I0422 11:37:31.741005   18972 round_trippers.go:411] Response Headers:
I0422 11:37:31.741005   18972 round_trippers.go:414]     Cache-Control: no-cache, private
I0422 11:37:31.741005   18972 round_trippers.go:414]     Content-Type: application/json
I0422 11:37:31.741005   18972 round_trippers.go:414]     X-Content-Type-Options: nosniff
I0422 11:37:31.741005   18972 round_trippers.go:414]     Content-Length: 188
I0422 11:37:31.741005   18972 round_trippers.go:414]     Date: Wed, 22 Apr 2020 15:37:31 GMT
I0422 11:37:31.762977   18972 request.go:897] Response Body: {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"forbidden: User \"system:anonymous\" cannot get path \"/api\"","reason":"Forbidden","details":{},"code":403}

Note: If I use the same user and password with oc login, they work fine. I don't understand why it won't work if I set the kubeconfig manually.

-- CBR
kubeconfig
kubernetes

1 Answer

4/22/2020

It's unlikely that OpenShift Kubernetes allows authentication using username and password. The oc login command internally authenticates using the username and password to an OAuth server to get a bearer token, which is automatically stored in the kubeconfig file used by kubectl. When you run any kubectl command, that token is used to authenticate with the Kubernetes cluster.

You can check the token via oc config view. You can get the token and set it with kubectl config set-credentials kubeadmin --token=bearertoken and it should work.

Refer to the docs here.

Alternatively you can follow this doc here to get a bearer token.

-- Arghya Sadhu
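
A way to check which credential type the current context actually carries, as an added example that is not part of the original question or answer. It reads the JSON form printed by `kubectl config view -o json`; the sample below is constructed from the question's commands, and the function names and finding messages are this example's own.

```python
import json

# Constructed sample: the kubeconfig the question's commands produce, in the
# JSON layout of `kubectl config view -o json` (the password is a placeholder).
SAMPLE = """{
  "clusters": [{"name": "lab101", "cluster": {
      "server": "https://api-kube.example.com:8443",
      "insecure-skip-tls-verify": true}}],
  "users": [{"name": "kubeadmin", "user": {
      "username": "kubeadmin", "password": "PLACEHOLDER"}}],
  "contexts": [{"name": "lab101", "context": {
      "cluster": "lab101", "user": "kubeadmin", "namespace": "default"}}],
  "current-context": "lab101"
}"""

def auth_method(user):
    """Classify the credential type stored in one kubeconfig user entry."""
    if user.get("token") or user.get("tokenFile"):
        return "bearer-token"
    if user.get("client-certificate") or user.get("client-certificate-data"):
        return "client-certificate"
    if user.get("exec") or user.get("auth-provider"):
        return "plugin"
    if user.get("username") or user.get("password"):
        return "basic"
    return "none"

def _index(config, key, inner):
    """Map entry name -> inner dict for the clusters/users/contexts lists."""
    return {e["name"]: e.get(inner) or {} for e in config.get(key) or []}

def audit(config):
    """Return (auth method, findings) for the current context."""
    ctx = _index(config, "contexts", "context").get(config.get("current-context"), {})
    user = _index(config, "users", "user").get(ctx.get("user"), {})
    cluster = _index(config, "clusters", "cluster").get(ctx.get("cluster"), {})
    method = auth_method(user)
    findings = []
    if method == "basic":
        findings.append("username/password only: no bearer token is stored for this user")
    elif method == "none":
        findings.append("no credentials: requests are sent unauthenticated")
    if cluster.get("insecure-skip-tls-verify"):
        findings.append("insecure-skip-tls-verify: server certificate is not checked")
    return method, findings

if __name__ == "__main__":
    method, findings = audit(json.loads(SAMPLE))
    print(method, findings)
```

On the question's configuration this reports the `basic` method together with the TLS finding; after the `--token` fix from the answer, only the TLS finding remains.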
Source: StackOverflow