Re: in OpenShift 4.2, /apis is not accessible to anonymous users. Workarounds?

2019-10-03 Thread David Eads
019 at 10:52 AM David Eads wrote: > >> There is no plan to switch to 401. >> > > Would plans be created if a BZ were opened? Or this is an outright > rejection of ever changing it because it's not deemed incorrect (or because > "it's an api now and we can't change i

Re: in OpenShift 4.2, /apis is not accessible to anonymous users. Workarounds?

2019-10-03 Thread David Eads
> > On Thu, Oct 3, 2019 at 3:46 PM David Eads wrote: > >> The 403 is intentional. The user has been authenticated as anonymous, so >> a 401 isn't returned. Kubernetes and OpenShift both return 403 when a user >> (even anonymous) attempts to access a forbidden resour

Re: in OpenShift 4.2, /apis is not accessible to anonymous users. Workarounds?

2019-10-03 Thread David Eads
The 403 is intentional. The user has been authenticated as anonymous, so a 401 isn't returned. Kubernetes and OpenShift both return 403 when a user (even anonymous) attempts to access a forbidden resource regardless of whether it even exists. On Wed, Oct 2, 2019 at 4:06 PM Jean-Francois Maury

Re: Stop docker processes created by "oc cluster up"

2018-03-26 Thread David Eads
Yes, I would. Depending on what you change, other containers/pods may need to change. On Mon, Mar 26, 2018 at 1:18 PM, Charles Moulliard wrote: > So, do you recommend to use "oc cluster up" and "oc cluster down" even > when we store existing configs

openshift/api and openshift/client-go are authoritative

2017-11-28 Thread David Eads
As of https://github.com/openshift/origin/pull/17477, h ttps://github.com/openshift/api and https://github.com/openshift/client-go are the authoritative source of the OpenShift API types and the OpenShift external clients. The external types and go client are no longer present in

openshift/origin now vendors using glide

2017-11-22 Thread David Eads
We have just merged a pull which updates openshift/origin to use glide instead of godep for vendoring. Because of the particulars of vendoring and picking patches for kubernetes, we will continue to use a helper script called `hack/update-deps.sh` to run `glide update --strip-vendor`, but the

Kubernetes 1.7 rebase merged

2017-07-19 Thread David Eads
The Kuberenetes 1.7.0 rebase for OpenShift 3.7 merged into master last night (https://github.com/openshift/origin/pull/15234). In addition to bringing in the new Kubernetes features, there are a few notable changes/issues. 1. go 1.8 is now required to build 2. The unidling proxy is

API types moving packages

2017-06-26 Thread David Eads
pulls in the queue. Check your jobs to see if you're hitting a compile failure. David Eads ___ dev mailing list dev@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/dev

Re: Update ssl certs

2016-03-20 Thread David Eads
I'm not aware of any plans to support a cross-namespace references for namespace scoped resources. As for routes in particular, openshift routes don't even have secret references, it's embedded right there in the type. The only way I'd know to do it is a label selected `oc get` (btw, label