英文:
Lens/OpenLens Error --> failed to get /version for clusterId:<ID>
问题
我创建这个条目来分享在调查Lens/OpenLens时发现的一个非常令人沮丧的问题,对于一个特定的集群,我们收到了以下类型的错误:
failed to get /version for clusterId:<ID> [Forbidden/Bad Gateway/Internal]
(我们正在使用InfraHQ管理这个集群的RBAC)。
尽管kubectl
工作正常,但仍然发生了这个问题。
当分配一个cluster-admin
角色(infraHQ)--> 允许所有操作,问题得到解决。
英文:
I'm creating this entry to share my findings after investigating a very frustrating issue with Lens/OpenLens, in which for a specific cluster we received the following type of errors:
failed to get /version for clusterId:<ID> [Forbidden/Bad Gateway/Internal]
(We are managing this cluster's RBAC using InfraHQ).
It occurred despite the fact that kubectl
was working okay.
When assigning a cluster-admin
role (infraHQ) --> allow all operations on everything, it resolved the issue.
答案1
得分: 0
最终解决我的问题的方法是在相关的 ClusterRole
配置中添加以下内容到 rules
字段下面:
- nonResourceURLs:
- /*
verbs:
- get
这样,Lens 可以在非资源URL上运行 get
请求,因此集群可以在 Lens 中加载/打开。
英文:
Eventually, what resolved my issue, was the below addition to the relevant ClusterRole
config under the rules
field:
- nonResourceURLs:
- /*
verbs:
- get
That way, Lens could run the get
request on that non-resource URL, and hence, the cluster could load/open in Lens.
答案2
得分: 0
只是今天遇到了这个问题,看起来集群AuthZ在kubeconfig文件中已经耗尽。我想这个文件已经有点旧了,可能不再有效。
对我有效的解决方法是通过正常方式访问集群,无论是在本地还是云提供商上。一旦您使用一个已定义的clusterrole访问集群并将其保存到kubeconfig中,获取该配置文件的内容并将其呈现给Lens就可以完成工作。
我认为它与我们是否使用cluster-admin角色或仅使用基于视图的角色无关的原因是Lens中提供的kubeconfig文件已经预授权kubeconfig授权和与访问相匹配的证书。它们可能已经过期,因此导致了访问权限的丧失。
英文:
Just faced with this issue today and it looks like the cluster AuthZ has exhausted in the kubeconfig file. Kind of got old and not valid is what I presume.
Solution that worked for me is to access the cluster via normal way, be it on-prem or cloud provider. Once your cluster access with a defined clusterrole is saved to kubeconfig. Get that config file's content and present it to Lens does the job.
The reason why I believe that it has nothing to do with whether we are using cluster-admin role or only view based role is due to the fact that in Lens we provide the kubeconfig file which was pre-authorized kubeconfig authorization and certs aligned to the access. They could have expired and thus the loss of access
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论