ManageIQ/kubeclient

4.9.2 and master do not work with AWS GovCloud due to regional hardcoding

snorlaX-sleeps opened this issue · 0 comments

The current release of Kubeclient (4.9.2) does not work with AWS GovCloud, resulting in an error like the following:

Traceback (most recent call last):
----
	14: from ~/.rvm/gems/ruby-2.6.0/gems/kubeclient-4.9.2/lib/kubeclient.rb:139:in `method_missing'
	13: from ~/.rvm/gems/ruby-2.6.0/gems/kubeclient-4.9.2/lib/kubeclient.rb:187:in `discover'
	12: from ~/.rvm/gems/ruby-2.6.0/gems/kubeclient-4.9.2/lib/kubeclient.rb:661:in `load_entities'
	11: from ~/.rvm/gems/ruby-2.6.0/gems/kubeclient-4.9.2/lib/kubeclient.rb:674:in `fetch_entities'
	10: from ~/.rvm/gems/ruby-2.6.0/gems/kubeclient-4.9.2/lib/kubeclient.rb:160:in `handle_exception'
	 9: from ~/.rvm/gems/ruby-2.6.0/gems/kubeclient-4.9.2/lib/kubeclient.rb:674:in `block in fetch_entities'
	 8: from ~/.rvm/gems/ruby-2.6.0/gems/faraday-1.8.0/lib/faraday/connection.rb:200:in `get'
	 7: from ~/.rvm/gems/ruby-2.6.0/gems/faraday-1.8.0/lib/faraday/connection.rb:516:in `run_request'
	 6: from ~/.rvm/gems/ruby-2.6.0/gems/faraday-1.8.0/lib/faraday/rack_builder.rb:154:in `build_response'
	 5: from ~/.rvm/gems/ruby-2.6.0/gems/faraday_middleware-1.2.0/lib/faraday_middleware/response/follow_redirects.rb:67:in `call'
	 4: from ~/.rvm/gems/ruby-2.6.0/gems/faraday_middleware-1.2.0/lib/faraday_middleware/response/follow_redirects.rb:79:in `perform_with_redirection'
	 3: from ~/.rvm/gems/ruby-2.6.0/gems/faraday-1.8.0/lib/faraday/middleware.rb:18:in `call'
	 2: from ~/.rvm/gems/ruby-2.6.0/gems/faraday-1.8.0/lib/faraday/response.rb:59:in `on_complete'
	 1: from ~/.rvm/gems/ruby-2.6.0/gems/faraday-1.8.0/lib/faraday/middleware.rb:19:in `block in call'
~/.rvm/gems/ruby-2.6.0/gems/faraday-1.8.0/lib/faraday/response/raise_error.rb:18:in `on_complete': the server responded with status 401 (Faraday::UnauthorizedError)
----	
	 5: from ~/.rvm/gems/ruby-2.6.0/gems/kubeclient-4.9.2/lib/kubeclient.rb:139:in `method_missing'
	 4: from ~/.rvm/gems/ruby-2.6.0/gems/kubeclient-4.9.2/lib/kubeclient.rb:187:in `discover'
	 3: from ~/.rvm/gems/ruby-2.6.0/gems/kubeclient-4.9.2/lib/kubeclient.rb:661:in `load_entities'
	 2: from ~/.rvm/gems/ruby-2.6.0/gems/kubeclient-4.9.2/lib/kubeclient.rb:674:in `fetch_entities'
	 1: from ~/.rvm/gems/ruby-2.6.0/gems/kubeclient-4.9.2/lib/kubeclient.rb:159:in `handle_exception'
~/.rvm/gems/ruby-2.6.0/gems/kubeclient-4.9.2/lib/kubeclient.rb:173:in `rescue in handle_exception': Unauthorized (Kubeclient::HttpError)

The initial error is fixed by the code currently on the main branch, but is unreleased on Rubygems: #507

However, the same error (different failing line) occurs again, resulting in an unauthorised error as the endpoint for STS Proxy is hardcoded to point to the regular AWS partition, rather than the GovCloud partition.

If region selection is available on the AmazonEksCredentials.token() method, then it should also select the correct regional STS endpoint URL allowing for use in AWS GovCloud.

List of AWS STS Endpoints and URLs per region
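
To check which partition a generated token actually targets, the EKS bearer token can be decoded offline and its STS host compared with the region it was signed for. This Ruby is an added example, not code from kubeclient or from the issue author: all helper names are hypothetical, the sample key id and signature are constructed, and it assumes the token is `k8s-aws-v1.` followed by an unpadded base64url presigned STS GetCallerIdentity URL (aws, aws-us-gov and aws-cn partitions only).

```ruby
require 'uri'

TOKEN_PREFIX = 'k8s-aws-v1.'

# Partition implied by a region name; other partitions are out of scope here.
def partition_of(region)
  return 'aws-us-gov' if region.start_with?('us-gov-')
  return 'aws-cn' if region.start_with?('cn-')
  'aws'
end

# Regional STS host for a region, e.g. sts.us-gov-west-1.amazonaws.com.
def sts_host_for(region)
  suffix = partition_of(region) == 'aws-cn' ? 'amazonaws.com.cn' : 'amazonaws.com'
  "sts.#{region}.#{suffix}"
end

# Partition an STS host belongs to; the global host exists only in the aws partition.
def partition_of_host(host)
  return 'aws' if host == 'sts.amazonaws.com'
  m = host.match(/\Asts\.([a-z0-9-]+)\.amazonaws\.com(\.cn)?\z/)
  (m && host == sts_host_for(m[1])) ? partition_of(m[1]) : 'unknown'
end

# Decode a token and compare the STS host with the region in the SigV4 credential scope.
def inspect_eks_token(token)
  raise ArgumentError, 'missing k8s-aws-v1. prefix' unless token.start_with?(TOKEN_PREFIX)
  # base64url -> standard alphabet; unpack1('m') tolerates the missing padding
  url = URI.parse(token.delete_prefix(TOKEN_PREFIX).tr('-_', '+/').unpack1('m'))
  query = URI.decode_www_form(url.query.to_s).to_h
  # X-Amz-Credential is <access key id>/<date>/<region>/<service>/aws4_request
  region = query.fetch('X-Amz-Credential').split('/')[2]
  { host: url.host, signed_region: region, expected_host: sts_host_for(region),
    same_partition: partition_of_host(url.host) == partition_of(region) }
end

# Constructed sample token: fake key id and signature, real token shape.
def sample_token(host, region)
  cred = URI.encode_www_form_component("AKIAEXAMPLEKEYID/20220101/#{region}/sts/aws4_request")
  url = "https://#{host}/?Action=GetCallerIdentity&Version=2011-06-15" \
        "&X-Amz-Credential=#{cred}&X-Amz-Signature=00"
  TOKEN_PREFIX + [url].pack('m0').tr('+/', '-_').delete('=')
end

if __FILE__ == $PROGRAM_NAME
  p inspect_eks_token(sample_token('sts.amazonaws.com', 'us-gov-west-1'))
  p inspect_eks_token(sample_token(sts_host_for('us-gov-west-1'), 'us-gov-west-1'))
end
```

A result with `same_partition: false` matches the situation described in this issue: a GovCloud signing region paired with the regular partition's STS host.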