stream(api_instance.connect_post_namespaced_pod_attach, ...) doesn't perform a POST #2084
Description
Link to the issue (please include a link to the specific documentation or example):
https://github.com/kubernetes-client/python/blob/master/examples/pod_exec.py
Description of the issue (please include outputs or screenshots if possible):
I think it would be helpful if the documentation, or at least the reference code example mentioned above, would make it clear that stream(api_instance.connect_post_namespaced_pod_attach, ...) behaves differently from kubectl exec, and requires a different K8s Role configuration:
kubectluses SPDY and makes a POST requeststream(api_instance.connect_post_namespaced_pod_attach, ...)uses websockets andstream(...)converts thePOSTrequest to aGETrequest.
The permission for pods/exec has to include the verb create for kubectl, and get for the Python code mentioned above.
This could save some time when debugging why the library doesn't work.
- The Python api call without the verb
getpermitted:
pods "toolbox" is forbidden: User "system:serviceaccount:serviceaccounts:username" cannot get resource "pods/exec" in API group "" in the namespace "playground"
The word get is used instead of create (because the request was not a POST HTTP request).
- kubectl:
$ kubectl -n playground exec toolbox --v=8 echo test
...
I0704 16:24:58.079971 14688 round_trippers.go:463] POST https://1.2.3.4:1234/api/v1/namespaces/playground/pods/toolbox/exec?command=echo&command=test&container=toolbox&stderr=true&stdout=true
...
I0704 16:24:58.286950 14688 round_trippers.go:574] Response Status: 101 Switching Protocols in 206 milliseconds
I0704 16:24:58.287542 14688 round_trippers.go:577] Response Headers:
I0704 16:24:58.288704 14688 round_trippers.go:580] Connection: Upgrade
I0704 16:24:58.288792 14688 round_trippers.go:580] Upgrade: SPDY/3.1