You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When I snoop on kubectl requests using mitmproxy, I see the Authorization header and Bearer token sent with the requests.
Note that GKE masters use https:// with self signed certs (included in kubeconfig).
However, when I point the kubeconfig to a local server e.g. server: http://localhost:8080 with the rest of the kubeconfig same, I notice that no Authorization header is sent to the server.
I have further confirmed this by making my localhost server serve using a self-signed TLS certificate, on https://localhost:6433 and when I do that my local apiserver gets the Authorization header.
Is this expected?
Should this be documented? I spent a couple of hours trying to figure out why my local apiserver over http:// doesn't get Authorization header.
/kind bug
The text was updated successfully, but these errors were encountered:
Upon debugging it seems like client-go, intentionally, chooses not to read the authentication parts of the clientConfig if the server URL is not https.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
I have a GKE cluster kubeconfig, so its user section looks like this:
When I snoop on kubectl requests using
mitmproxy
, I see theAuthorization
header and Bearer token sent with the requests.Note that GKE masters use https:// with self signed certs (included in kubeconfig).
However, when I point the kubeconfig to a local server e.g.
server: http://localhost:8080
with the rest of the kubeconfig same, I notice that noAuthorization
header is sent to the server.I have further confirmed this by making my localhost server serve using a self-signed TLS certificate, on
https://localhost:6433
and when I do that my local apiserver gets theAuthorization
header./kind bug
The text was updated successfully, but these errors were encountered: