kubeapps icon indicating copy to clipboard operation
kubeapps copied to clipboard

Published 20 hours ago verified publisher icon vmware-tanzu

Kubeops cannot return a list of namespaces in additional clusters

Open XenoAura opened this issue 2 years ago • 1 comments

Kubeops cannot return a list of namespaces in additional clusters where user has access only to own namespaces.

Kubeapps configuration:

  • oidc provider(keycloak)
  • separate oidc client for each cluster(audience configurated)
  • 1 cluster with installed kubeapps
  • 1 cluster with admin access
  • 1 cluster with limited access(serviceToken configurated for cluster-admin SA) - problem with displaying the list of namespaces

svcClientset is not use service token for additional clusters because variable svcConfig does not used: https://github.com/vmware-tanzu/kubeapps/blob/11c87926d6cd798af72875d01437d15ae8d85b9a/pkg/kube/kube_handler.go#L333-L336

Solution:

svcClientset, err = a.clientsetForConfig(&svcConfig)

I rebuild kubeops with it, and problem has gone

XenoAura avatar Jul 06 '22 20:07 XenoAura

Thanks for helping out @XenoAura! After removing kubeops, work has been done in #5286.

castelblanque avatar Sep 02 '22 10:09 castelblanque