Lens/OpenLens错误 –> 获取集群ID:的/version失败

huangapple go评论89阅读模式
英文:

Lens/OpenLens Error --> failed to get /version for clusterId:<ID>

问题

我创建这个条目来分享在调查Lens/OpenLens时发现的一个非常令人沮丧的问题,对于一个特定的集群,我们收到了以下类型的错误:

failed to get /version for clusterId:<ID> [Forbidden/Bad Gateway/Internal]

(我们正在使用InfraHQ管理这个集群的RBAC)。

尽管kubectl工作正常,但仍然发生了这个问题。
当分配一个cluster-admin角色(infraHQ)--> 允许所有操作,问题得到解决

英文:

I'm creating this entry to share my findings after investigating a very frustrating issue with Lens/OpenLens, in which for a specific cluster we received the following type of errors:

failed to get /version for clusterId:&lt;ID&gt; [Forbidden/Bad Gateway/Internal]

(We are managing this cluster's RBAC using InfraHQ).

It occurred despite the fact that kubectl was working okay.
When assigning a cluster-admin role (infraHQ) --> allow all operations on everything, it resolved the issue.

答案1

得分: 0

最终解决我的问题的方法是在相关的 ClusterRole 配置中添加以下内容到 rules 字段下面:

- nonResourceURLs:
  - /*
  verbs:
  - get

这样,Lens 可以在非资源URL上运行 get 请求,因此集群可以在 Lens 中加载/打开。

英文:

Eventually, what resolved my issue, was the below addition to the relevant ClusterRole config under the rules field:

- nonResourceURLs:
  - /*
  verbs:
  - get

That way, Lens could run the get request on that non-resource URL, and hence, the cluster could load/open in Lens.

答案2

得分: 0

只是今天遇到了这个问题,看起来集群AuthZ在kubeconfig文件中已经耗尽。我想这个文件已经有点旧了,可能不再有效。

对我有效的解决方法是通过正常方式访问集群,无论是在本地还是云提供商上。一旦您使用一个已定义的clusterrole访问集群并将其保存到kubeconfig中,获取该配置文件的内容并将其呈现给Lens就可以完成工作。

我认为它与我们是否使用cluster-admin角色或仅使用基于视图的角色无关的原因是Lens中提供的kubeconfig文件已经预授权kubeconfig授权和与访问相匹配的证书。它们可能已经过期,因此导致了访问权限的丧失。

英文:

Just faced with this issue today and it looks like the cluster AuthZ has exhausted in the kubeconfig file. Kind of got old and not valid is what I presume.

Solution that worked for me is to access the cluster via normal way, be it on-prem or cloud provider. Once your cluster access with a defined clusterrole is saved to kubeconfig. Get that config file's content and present it to Lens does the job.

The reason why I believe that it has nothing to do with whether we are using cluster-admin role or only view based role is due to the fact that in Lens we provide the kubeconfig file which was pre-authorized kubeconfig authorization and certs aligned to the access. They could have expired and thus the loss of access

huangapple
  • 本文由 发表于 2023年7月11日 01:17:35
  • 转载请务必保留本文链接:https://go.coder-hub.com/76655955.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定