[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: in OpenShift 4.2, /apis is not accessible to anonymous users. Workarounds?



Hi André,

indeed this is the new default. And, historically, because of a CVE raising an issue about it, dropping discovery of /api has been removed but then temporary restored in 4.1 and removed in 4.2.
See this https://bugzilla.redhat.com/show_bug.cgi?id=1711533

On the Jenkins plugins we were about to fix similar issues, cause /oapi was deprecated in OCP 4.2 . We depends on kubernetes-client Java library which fixed this.
https://github.com/fabric8io/kubernetes-client/issues/1587 and follow the different PR. If you depend on this library also, maybe you have your fix in a recent version.

Otherwise, IIRC, the eclipse plugin required credentials (or a token) to connect to openshift server, so in your case, you maybe "just" need to use them to then get the endpoints.

Akram


Le mar. 1 oct. 2019 à 15:38, Andre Dietisheim <adietish redhat com> a écrit :
Hi

In OpenShift 4.2 "/apis" started only being accessible to authorized
users. This causes troubles for the Eclipse tooling and the java client
library openshift-restclient-java
(https://github.com/openshift/openshift-restclient-java) which tries to
discover endpoints before authenticating.

Thus my question(s):

* Is this the new default?
* if this restriction is deliberate, what's the reasoning behind it?
* Is there a workaround?

Thanks for your answers!
André

_______________________________________________
dev mailing list
dev lists openshift redhat com
http://lists.openshift.redhat.com/openshiftmm/listinfo/dev

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]