`kcl mod add k8s` returns 403
Closed this issue · 3 comments
Bug Report
I am testing kcl and was just trying out the examples in https://www.kcl-lang.io/docs/user_docs/guides/working-with-k8s/generate-k8s-manifests#3-get-the-kubernetes-modules-from-registry
I can access https://ghcr.io/v2/kcl-lang/k8s/tags/list via xh
# get token
xh "https://ghcr.io/token?scope=repository%3Akcl-lang%2Fk8s%3Apull&service=ghcr.io"
# show tags
xh https://ghcr.io/v2/kcl-lang/k8s/tags/list "Authorization:Bearer <token>"
1. Minimal reproduce step (Required)
kcl mod add k8s
2. What did you expect to see? (Required)
Some success message? I do not know, what I should expect to see...
3. What did you see instead (Required)
adding dependency 'k8s'
failed to select latest version from 'ghcr.io/kcl-lang/k8s'
GET "https://ghcr.io/v2/kcl-lang/k8s/tags/list": GET "https://ghcr.io/token?scope=repository%3Akcl-lang%2Fk8s%3Apull&service=ghcr.io": response status code 403: denied: denied
4. What is your KCL components version? (Required)
kclvm: 0.8.4
kclvm_cli: 0.8.4
kcl: 0.8.4
Since I am using nixos I created my own derivations like this: https://github.com/diefans/kcl-nix
The success message maybe like:
adding dependency 'k8s'
the lastest version '1.29' will be added
downloading 'kcl-lang/k8s:1.29' from 'ghcr.io/kcl-lang/k8s:1.29'
add dependency 'k8s' successfully
I've noticed someone have added the k8s dependency successfully. For example: https://github.com/metacoma/mindwm-gitops-kcl
This is a bit strange. Can you help investigate it? @zong-zhe
@Peefy It turned out, that there was an expired token in ~/.docker/config.json
for https://ghcr.io
Two ways to solve:
- remove the credentials completely - I guess, this will use the token from
xh "https://ghcr.io/token?scope=repository%3Akcl-lang%2Fk8s%3Apull&service=ghcr.io"
- create a new token in github to access github packages and use
docker login -u <username> -p $(pass github/your_packages_token) https://ghcr.io
to store and validate the token
I was using https://github.com/go-delve/delve to understand what happens, so it might be helpful at least for a kcl-newbie to indicate or document (in the tutorial), that such a token is used for accessing or downloading dependencies...
I will close this issue, since for now I am happy :)