Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Chectl server:start doesn't work on secured k8s #13800

Closed
benoitf opened this issue Jul 9, 2019 · 6 comments · Fixed by che-incubator/chectl#211
Closed

Chectl server:start doesn't work on secured k8s #13800

benoitf opened this issue Jul 9, 2019 · 6 comments · Fixed by che-incubator/chectl#211
Labels
area/chectl Issues related to chectl, the CLI of Che kind/bug Outline of a bug - must adhere to the bug report template. severity/P1 Has a major impact to usage or development of the system.
Milestone
7.0.0

Comments

@benoitf
Copy link
Contributor

benoitf commented Jul 9, 2019
edited by l0rd
Loading

Description

When using a remote k8s (like running on EC2), when chectl is grabbing the status it may fail due to Unauthorized error.
It's because it is trying to perform http call without token

https://github.com/che-incubator/chectl/blob/d3ff3100b3da737f6bd9267f69d7e5800bdcf6a4/src/api/kube.ts#L566-L576

${currentCluster.server}/healthz is secured

So, installing che on these k8s installs is not possible with chectl
@benoitf benoitf added kind/bug Outline of a bug - must adhere to the bug report template. area/editor/theia Issues related to the che-theia IDE of Che labels Jul 9, 2019
@benoitf benoitf changed the title [che-ctl] Unauthorized error with k8s [chectl] Unauthorized error with k8s Jul 9, 2019
@l0rd l0rd added the severity/P1 Has a major impact to usage or development of the system. label Jul 9, 2019
@l0rd
Copy link
Contributor

l0rd commented Jul 9, 2019

This is a P1 but we don't have to support it for GA so setting milestone 7.1.0

@l0rd l0rd added area/chectl Issues related to chectl, the CLI of Che and removed area/editor/theia Issues related to the che-theia IDE of Che labels Jul 9, 2019
@l0rd l0rd added this to the 7.1.0 milestone Jul 9, 2019
@benoitf
Copy link
Contributor Author

benoitf commented Jul 9, 2019

so it means basically chectl can't install che on EC2 for example for GA (as status is the first check)

@l0rd l0rd changed the title [chectl] Unauthorized error with k8s Chectl server:start doesn't work on secured k8s Jul 9, 2019
@l0rd
Copy link
Contributor

l0rd commented Jul 9, 2019

@benoitf is the token something that we already get with the KubeConfig or is something that the user should provide as a separate parameter?

@benoitf
Copy link
Contributor Author

benoitf commented Jul 9, 2019

I'm able to grab it with default service account / secrets

@benoitf
Copy link
Contributor Author

benoitf commented Jul 9, 2019

so basically user shouldn't do something

@l0rd
Copy link
Contributor

l0rd commented Jul 9, 2019

ok so it looks that this hasn't impact on the UX and should be pretty easy to implement. Set milestone 7.0.0.

@l0rd l0rd modified the milestones: 7.1.0, 7.0.0 Jul 9, 2019
benoitf added a commit to che-incubator/chectl that referenced this issue Jul 10, 2019
@benoitf
fix(k8s): token missing in endpoint when calling /healthz
00993bf 
It fixes eclipse-che/che#13800

Grab secret from serviceAccount and use it when calling the endpoint

Change-Id: I5daf5df41d8cebc51ef501c629eca65bc63ae729
Signed-off-by: Florent Benoit <fbenoit@redhat.com>
benoitf added a commit to che-incubator/chectl that referenced this issue Jul 10, 2019
@benoitf
fix(k8s): token missing in endpoint when calling /healthz
259caa5 
It fixes eclipse-che/che#13800

Grab secret from serviceAccount and use it when calling the endpoint

Change-Id: I5daf5df41d8cebc51ef501c629eca65bc63ae729
Signed-off-by: Florent Benoit <fbenoit@redhat.com>
@benoitf benoitf mentioned this issue Jul 10, 2019
Merged
benoitf added a commit to che-incubator/chectl that referenced this issue Jul 15, 2019
@benoitf
fix(k8s): token missing in endpoint when calling /healthz
2fd1b21 
It fixes eclipse-che/che#13800

Grab secret from serviceAccount and use it when calling the endpoint

Change-Id: I5daf5df41d8cebc51ef501c629eca65bc63ae729
Signed-off-by: Florent Benoit <fbenoit@redhat.com>
benoitf added a commit to che-incubator/chectl that referenced this issue Jul 15, 2019
@benoitf
fix(k8s): token missing in endpoint when calling /healthz
8ea70a3 
It fixes eclipse-che/che#13800

Grab secret from serviceAccount and use it when calling the endpoint

Change-Id: I5daf5df41d8cebc51ef501c629eca65bc63ae729
Signed-off-by: Florent Benoit <fbenoit@redhat.com>
benoitf added a commit to che-incubator/chectl that referenced this issue Jul 15, 2019
@benoitf
fix(k8s): token missing in endpoint when calling /healthz
b508feb 
It fixes eclipse-che/che#13800

Grab secret from serviceAccount and use it when calling the endpoint

Change-Id: I5daf5df41d8cebc51ef501c629eca65bc63ae729
Signed-off-by: Florent Benoit <fbenoit@redhat.com>
@benoitf benoitf mentioned this issue Sep 13, 2019
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/chectl Issues related to chectl, the CLI of Che kind/bug Outline of a bug - must adhere to the bug report template. severity/P1 Has a major impact to usage or development of the system.
Projects
None yet
Milestone
7.0.0
Development

Successfully merging a pull request may close this issue.

fix(k8s): token missing in endpoint when calling /healthz che-incubator/chectl
2 participants
@benoitf @l0rd