EKS auth issue - anonymous user

[funes79]

Hi, in this issue #188 it was stated that the problem should be fixed but in version 24.2.2 I got an error:

HTTP response body: {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"pods is forbidden: User \"system:anonymous\" cannot list resource \"pods\" in API group \"\" at the cluster scope","reason":"Forbidden","details":{"kind":"pods"},"code":403}

    kconfig = config.kube_config.Configuration(
        host=cluster_data['endpoint'],
        api_key={'authorization': 'Bearer ' + my_token['status']['token']},
        ssl_ca_cert=my_cafile.name
    )
    # use the context manager to close http sessions automatically
    async with client.ApiClient(configuration=kconfig) as api:

        v1 = client.CoreV1Api(api)
        print("Listing pods with their IPs:")
        ret = await v1.list_pod_for_all_namespaces()

when I downgrade the version to 21.7.1 then it works:

    kconfig = config.kube_config.Configuration(
        host=cluster_data['endpoint'],
        api_key={'authorization': 'Bearer ' + my_token['status']['token']},
    )
    kconfig.ssl_ca_cert = my_cafile.name
    # use the context manager to close http sessions automatically
    async with client.ApiClient(configuration=kconfig) as api:

        v1 = client.CoreV1Api(api)
        print("Listing pods with their IPs:")
        ret = await v1.list_pod_for_all_namespaces()

[tomplus]

Hi @funes79, yes there is a breaking change in version >=22.x

Could you try to use "BearerToken" instead of "authorization":

    kconfig = config.kube_config.Configuration(
        host=cluster_data['endpoint'],
        api_key={'BearerToken': 'Bearer ' + my_token['status']['token']},
    )

?

[tomplus]

I'm closing it now. Please feel free to reopen if suggested fix doesn't work for you.