vgibilmanno

@astefanutti I tried but it still fails. I tried the following url too (fails too) `curl -k -v -H "Authorization: Bearer " https://OMITTED.amazonaws.com/api/v1/namespaces/SOMENAMESPACE/pods`

@astefanutti This command works. I get the following: ``` I1129 07:56:44.179968 155 loader.go:359] Config loaded from file /root/.kube/config I1129 07:56:44.180408 155 round_trippers.go:419] curl -k -v -XGET -H "Accept: application/json, */*"...

@astefanutti ``` * Trying SOMEIP:443... * TCP_NODELAY set * Connected to OMITTED.amazonaws.com (SOMEIP) port 443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * successfully set certificate verify locations:...

@astefanutti It's strange, that the curl command works inside of kubectl but the same curl command does not work outside of it. `$ echo $KUBECONFIG` returns nothing

@astefanutti Yes I'm able to 👍

@astefanutti I get the following in the response.json ``` { "kind": "ExecCredential", "apiVersion": "client.authentication.k8s.io/v1alpha1", "spec": {}, "status": { "expirationTimestamp": "2019-11-29T11:07:51Z", "token": "SOMETOKEN" } } ```

@astefanutti When I enter the cluster name in I get the following: `could not verify token: sts getCallerIdentity failed: error from AWS (expected 200, got 403)` When I enter the...

@astefanutti So the command again fails with: `could not verify token: sts getCallerIdentity failed: error from AWS (expected 200, got 403)` And have the following entries in env: ``` HOSTNAME=e39ab07991c2...

@astefanutti `&{ARN:arn:aws:sts::SOMEROLEID:assumed-role/SOMEROLE/SOMESESSIONNAME CanonicalARN:arn:aws:iam::SOMEROLEID:role/SOMEROLE AccountID:SOMEACCOUNTID UserID:SOMEUSERID SessionName:SOMESESSIONNAME}`

@astefanutti The tokens are different. The first 190 characters are identical. The next some thousand characters are different.