Antonin Stefanutti
Antonin Stefanutti
@vgibilmanno could you try: $ aws-iam-authenticator verify -i SOMEOTHERNAME -t SOMETOKEN and provide the output of: $ env I suspect there are some environment variables that come into the play.
Damn, would you mind now trying: $ aws-iam-authenticator verify -i SOMEOTHERNAME -t `aws-iam-authenticator token -i SOMEOTHERNAME -r arn:aws:iam::SOMEROLEID:role/SOMEROLE | jq -r .status.token` (if you don't have `jq`, you can copy...
@vgibilmanno could you check any difference between the token from `response.json` and the one returned by `aws-iam-authenticator token -i SOMEOTHERNAME -r arn:aws:iam::SOMEROLEID:role/SOMEROLE`?
I don't understand why it does not work when a token generated with AWS CLI, that verifies correctly, is copied into the _kubeconfig_ file and used by Kubebox. And why...
@vgibilmanno could you try: $ curl -k -v -H "Authorization: Bearer `aws-iam-authenticator token -i SOMEOTHERNAME -r arn:aws:iam::SOMEROLEID:role/SOMEROLE | jq -r .status.token`" https://OMITTED.amazonaws.com/api/v1/namespaces/SOMENAMESPACE/pods
@vgibilmanno, good, what about: $ curl -k -v -H "Authorization: Bearer `aws-iam-authenticator token -i SOMEOTHERNAME -r arn:aws:iam::SOMEROLEID:role/SOMEROLE | jq -r .status.token`" https://OMITTED.amazonaws.com/ $ curl -k -v -H "Authorization: Bearer `aws-iam-authenticator...
@vgibilmanno thanks a lot. Can you confirm the following command returns 403: $ curl -k -v -H "Authorization: Bearer `aws-iam-authenticator token -i SOMEOTHERNAME -r arn:aws:iam::SOMEROLEID:role/SOMEROLE | jq -r .status.token`" https://OMITTED.amazonaws.com/api/v1/namespaces
OK so I think we've nail down the root cause of this issue. Your user account is not granted permission to list namespaces. As as work-around, could you update your...
@vgibilmanno great! thanks for the feedback. Resources usage metrics requires extra permissions to proxy nodes. Thanks a lot for your collaboration on this. I think we can let that issue...
@bradamson thanks a lot for the feedback. I agree with your suggestion to catch the error and display a proper message in the namespaces list box, instead of dumping the...