Description
Auth issue with your client code and not sure how to fix it.
OS: MacOS Bigsur
Python: 3.9
Using included example code:
import asyncio
import logging
from kubernetes_asyncio import client, config
async def main():
await config.load_kube_config()
v1 = client.CoreV1Api()
print("Listing pods with their IPs:")
ret = await v1.list_pod_for_all_namespaces()
for i in ret.items:
print(i.status.pod_ip, i.metadata.namespace, i.metadata.name)
if name == 'main':
logging.basicConfig(level=logging.DEBUG)
loop = asyncio.get_event_loop()
loop.run_until_complete(main())
loop.close()
kubectl works fine but using the script above, I'm getting the following error:
DEBUG:asyncio:Using selector: KqueueSelector
DEBUG:root:kubeconfig loader - current-context testcluster, cluster testcluster, user testclusteruser, provider None
DEBUG:root:Try to use exec provider
Listing pods with their IPs:
DEBUG:kubernetes_asyncio.client.rest:response body: b'{"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"pods is forbidden: User \"system:anonymous\" cannot list resource \"pods\" in API group \"\" at the cluster scope","reason":"Forbidden","details":{"kind":"pods"},"code":403}\n'
why system:anonymous? I have authenticated with IAM role and able to use kubectl w/o issue already. The debug is correct context/user/cluster info.
The following library from kubernetes python library (not asyncio) works fine:
from kubernetes import client, config
config.load_kube_config()
v1 = client.CoreV1Api()
#namespaces = v1.list_namespace().to_dict()['items']
pods = v1.list_pod_for_all_namespaces().to_dict()['items']
print(pods)
Any specific change I need to make in order for kubernetes_asyncio to work on my local laptop for development?
Special thanks,
LK