kubernetes-client
kubernetes-client copied to clipboard
fabric8io
After upgrading Springboot to 3.2.2 version and fabric8io<openshift-client> to 6.9.2 version getting -> Received 403 on websocket on Pod watcher
Describe the bug
We have upgraded our service to springboot 3.2.2 version and also upgraded fabric8 openshiftclient version to 6.9.2. After upgrading same we are getting issue with Pod Watcher.
Received 403 on websocket
exception in pod watching: Received 403 on websocket. Failure executing: GET at: https://
Fabric8 Kubernetes Client version
6.9.2
Steps to reproduce
Using below dep in pom.xaml
Created below bean to connect to opesnhiftclient.
@Bean public OpenShiftClient getOpenShiftClient() {
OpenShiftClient openShiftClient = new KubernetesClientBuilder()
.withConfig(new OpenShiftConfigBuilder()
.withMasterUrl(Url)
.withUsername(UserName)
.withPassword(Password).build()).build().adapt(OpenShiftClient.class);
return openShiftClient;
}
Code to watch pod events:
Watch watch = client.pods().inAnyNamespace().withLabel(labelKey, envName).watch(----)
Expected behavior
it should not throw below exception, watcher should be able to get all pod events
exception in pod watching: Received 403 on websocket. Failure executing: GET at: https://
Runtime
OpenShift
Kubernetes API Server version
1.25.3@latest
Environment
other (please specify in additional context)
Fabric8 Kubernetes Client Logs
No response
Additional context
No response
It seems that your authentication configuration is not working with the cluster.
However, with the current information is hard to know what has changed. Have you tried updating the components (Spring and Fabric8) separately?
Also, have you checked with more verbose logging to see if the authentication headers are properly sent? (e.g. -Dorg.slf4j.simpleLogger.log.io.fabric8=trace or manually adding the HttpLoggingInterceptor)
@manusa yes, we have upgraded version of springboot from 3.1.6 to 3.2.2 and openshift-client version 6.2.0 to 6.9.2 . and we have started seeing mentioned error.
it was working fine with springboot 3.1.6 and openshift-client 6.2.0 version.
As I said, this is not enough information.
- Does it work with Spring Boot 3.2.2 and Fabric8 6.2.0?
- Does it work with Spring Boot 3.1.6 and Fabric8 6.9.2?
- What does the trace look like? (e.g.
-Dorg.slf4j.simpleLogger.log.io.fabric8=traceor manually adding theHttpLoggingInterceptor)
I am seeing something very similar where I am getting unexpected 403 errors when hitting the events API. (Not using Springboot) I have checked with kubectl and the service account does have permissions to list the event API. I will turn on trace logging tomorrow to see if that gives us any more useful information.
Block of code
var result = client.events().v1().events().inNamespace(namespace).list();
Failure executing: GET at:
https://172.17.0.1:6443/apis/events.k8s.io/v1/namespaces/default/events. Message:
events.events.k8s.io is forbidden: User "system:serviceaccount:jenkins:jenkins" cannot
list resource "events" in API group "events.k8s.io" in the namespace "default".
Received status: Status(apiVersion=v1, code=403, details=StatusDetails(causes=[],
group=events.k8s.io, kind=events, name=null, retryAfterSeconds=null, uid=null,
additionalProperties={}), kind=Status, message=events.events.k8s.io is forbidden:
User "system:serviceaccount:jenkins:jenkins" cannot list resource "events" in API
group "events.k8s.io" in the namespace "default",
metadata=ListMeta(_continue=null, remainingItemCount=null, resourceVersion=null,
selfLink=null, additionalProperties={}), reason=Forbidden, status=Failure,
additionalProperties={})
This issue has been automatically marked as stale because it has not had any activity since 90 days. It will be closed if no further activity occurs within 7 days. Thank you for your contributions!
![stale[bot] avatar](https://avatars.githubusercontent.com/in/1724?v=4 "Published by a pub.dev verified publisher"){kind=small}