Kubernetes REST API - Unauthorized

0
votes

I have following Kubernetes REST API request

GET https://theserver/api/v1/pods?includeUninitialized=true

and included following HTTP Headers in the request:

Authorization: Basic ***************
Accept: application/json, */*
User-Agent: kubectl.exe/v1.13.0 (windows/amd64) kubernetes/ddf47ac

Result is the following error

{
    "kind": "Status",
    "apiVersion": "v1",
    "metadata": {},
    "status": "Failure",
    "message": "Unauthorized",
    "reason": "Unauthorized",
    "code": 401
}

I already tried the following:

  • Analog kubectl request "kubectl describe pods --all-namespaces" works fine (but I need REST)
  • Used "--v=12" parameter as in newkind101's comment to Kubernetes REST API to see the underlying REST API calls - looks same as mine
  • Read Kubernetes Documentation - but I failed to find detail information which HTTP headers or/and HTTP body values to send to authenticate properly (few thing I could retrieve from curl sample calls in that docs)
  • I read Access Kubernetes API using REST APIs but want to understand my issue before I use a framework like GoDaddy

kubectl seems to do a bit more than I can see with the "--v=12" parameter. This bit is likely connected to things in ".kube/config" file. Still I don't know what exactly and where to put in my HTTP request.

1
restapikubernetesauthorization
How have you setup authentication for your cluster? If you want to understand the topic more -> kubernetes.io/docs/reference/access-authn-authz/authenticationOld Schooled
Good point, thanks. I did not setup the cluster myself, I just received Url and credentials ("Basic ******") to program against. I assume Url and credentials are correct as these work with kubectl.exe from the command-line. Though, I will have this double-checked on Monday.Markus
Answer regarding auth setup: Yes, for the simple setup this goes out of the box via AAD integration.Markus

1 Answers

0
votes

As far as I remember Basic authentication method is disabled by default and needs to be enabled by adding --basic-auth-file flag to the API server configuration, therefore all requests to REST API are identified as anonymous user and might be resulted in 401 Unauthorized error.