[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: in OpenShift 4.2, /apis is not accessible to anonymous users. Workarounds?

Hi Akram

Thanks for the answer. Insightful.
For now we can't easily switch libraries given the extent of usage and amount of work to migrate.


Am 01.10.19 um 16:34 schrieb Akram Ben Aissi:
Hi André,

indeed this is the new default. And, historically, because of a CVE raising an issue about it, dropping discovery of /api has been removed but then temporary restored in 4.1 and removed in 4.2.

On the Jenkins plugins we were about to fix similar issues, cause /oapi was deprecated in OCP 4.2 . We depends on kubernetes-client Java library which fixed this.
https://github.com/fabric8io/kubernetes-client/issues/1587 and follow the different PR. If you depend on this library also, maybe you have your fix in a recent version.

Otherwise, IIRC, the eclipse plugin required credentials (or a token) to connect to openshift server, so in your case, you maybe "just" need to use them to then get the endpoints.


Le mar. 1 oct. 2019 à 15:38, Andre Dietisheim <adietish redhat com> a écrit :

In OpenShift 4.2 "/apis" started only being accessible to authorized
users. This causes troubles for the Eclipse tooling and the java client
library openshift-restclient-java
(https://github.com/openshift/openshift-restclient-java) which tries to
discover endpoints before authenticating.

Thus my question(s):

* Is this the new default?
* if this restriction is deliberate, what's the reasoning behind it?
* Is there a workaround?

Thanks for your answers!

dev mailing list
dev lists openshift redhat com

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]