Thanks Matthias, it was RBAC that was getting in the way.  I created a new 
service account and clusterrolebinding and voilà!  Everything works now :).
Thanks for your help!!

- Josh 

On Friday, February 16, 2018 at 12:34:25 AM UTC-8, Matthias Rampke wrote:
>
> What ACLs are in place? What are the RBAC roles and bindings in effect for 
> the two service accounts?
>
> Disallowing pods in one namespace from accessing secrets in other 
> namespaces would be one of the first rules I would expect to be there.
>
> /MR
>
> On Thu, Feb 15, 2018, 23:31 Josh Harshman <joshg...@gmail.com> wrote:
>
>> Two pods running in different namespaces are returning different results 
>> from the same GET request.
>>
>> i.e:
>>
>> ``` bash
>> # Query the API server with the pod's mounted service account token
>> curl \
>>   --insecure \
>>   -X "GET" \
>>   -H "Accept: application/json" \
>>   -H "Authorization: Bearer $(</var/run/secrets/kubernetes.io/serviceaccount/token)" \
>>   "https://kubernetes.default:443/api/v1/namespaces/mynamespace/secrets/unseal-keys"
>> ```
>>
>> In pod 1, success! :
>> ``` json 
>> {
>>   "kind": "Secret",
>>   "apiVersion": "v1",
>>   "metadata": {
>>     "name": "unseal-keys",
>>     "namespace": "mynamespace",
>>     "selfLink": "/api/v1/namespaces/mynamespace/secrets/unseal-keys",
>>     "uid": "f153d05b-11cd-11e8-91da-0a1480637ef0",
>>     "resourceVersion": "141164931",
>>     "creationTimestamp": "2018-02-14T21:28:04Z"
>>   },
>>   "data": {
>>     "one": "foo",
>>     "three": "bar",
>>     "two": "fizz",
>>     "five": "buzz",
>>     "four": "bazz"
>>   },
>>   "type": "Opaque"
>> }
>> ```
>>
>> In pod 2, failure:
>> ``` json
>> Internal Server Error: 
>> "/api/v1/namespaces/mynamespace/secrets/unseal-keys": the server could not 
>> find the requested resource/
>> ```
>>
>> Any hints to why this might be happening?
>>
>> Thanks in advance!
>>
>> - Josh
>>
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Kubernetes user discussion and Q&A" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to kubernetes-use...@googlegroups.com.
>> To post to this group, send email to kubernet...@googlegroups.com.
>> Visit this group at https://groups.google.com/group/kubernetes-users.
>> For more options, visit https://groups.google.com/d/optout.
>>
>
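
An added example, not part of the original thread: a namespaced Role and RoleBinding that let one service account read only the `unseal-keys` secret in `mynamespace`, which is a narrower grant than a ClusterRoleBinding. The service account name `unsealer` and its namespace `othernamespace` are assumptions; `mynamespace` and `unseal-keys` are the names used in the thread.

```yaml
# Added example. Assumed names: service account "unsealer" in namespace
# "othernamespace". "mynamespace" and "unseal-keys" come from the thread.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: unsealer
  namespace: othernamespace
---
# The Role lives in the namespace that holds the secret and names the one
# secret it covers, so the grant does not extend to other secrets there.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: read-unseal-keys
  namespace: mynamespace
rules:
  - apiGroups: [""]
    resources: ["secrets"]
    resourceNames: ["unseal-keys"]
    verbs: ["get"]
---
# The RoleBinding is also in mynamespace; its subject is the service
# account from the other namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: unsealer-read-unseal-keys
  namespace: mynamespace
subjects:
  - kind: ServiceAccount
    name: unsealer
    namespace: othernamespace
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: read-unseal-keys
# Check the effective permission before and after applying:
#   kubectl auth can-i get secrets/unseal-keys -n mynamespace \
#     --as=system:serviceaccount:othernamespace:unsealer
```

The pod making the request has to run under this account (`serviceAccountName: unsealer` in its spec) for the mounted token to carry the grant.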
