https://garden.io logo
Powered by
#🌱|help-and-getting-started
Unable to connect to Kubernetes cluster. Got error: Request failed with response code 401: Kubernete
# 🌱|help-and-getting-started
t

thankful-area-26035

11/20/2023, 5:03 PM
I've been using garden for a year or so at this point with no problem. Today when I try to run garden deploy I receive the following: βœ– providers β†’ Failed processing resolve provider kubernetes (took 0.76 sec). This is what happened: ──────────────────────────────────────────────────────────────────────────────── Unable to connect to Kubernetes cluster. Got error: Request failed with response code 401: Kubernetes API: https://rancher.XXXXXXX.com/version. Message from the API: Unauthorized ──────────────────────────────────────────────────────────────────────────────── Failed resolving one or more providers: - kubernetes We're using a self hosted rancher cluster, the only reference I've seen to this error was regarding using an azure cluster.
p

polite-fountain-28010

11/20/2023, 5:11 PM
Which garden version are you experiencing this with? Did you update it before the issue appeared?
t

thankful-area-26035

11/20/2023, 5:12 PM
I upgraded to 0.13.20 last week, it was working before and after the upgrade.
p

polite-fountain-28010

11/20/2023, 5:13 PM
I see, so it's probably not related to the upgrade then. I was asking since we updated the kubernetes library in 0.13.20 together with some other changes, so it seemed like a good candidate for a root cause.
t

thankful-area-26035

11/20/2023, 5:15 PM
I feel like I'm postive that it was working post upgrade, I can attempt to downgrade to 0.13.19 real quick.
p

polite-fountain-28010

11/20/2023, 5:15 PM
That would be good to verify
t

thankful-area-26035

11/20/2023, 5:17 PM
in progress, the download is going rather slow, I'll let you know in a few minutes. thanks!
okay I must have tested post upgrade in a dream or something, because it does seem to be working with 0.13.19
p

polite-fountain-28010

11/20/2023, 5:36 PM
Alright, that's good to know. Is there anything special about how kubernetes authenticates with rancher here?
t

thankful-area-26035

11/20/2023, 5:41 PM
not that I know of, but I'm certainly not an expert here. I'd be happy to do any troubleshooting you need.
p

polite-fountain-28010

11/21/2023, 11:44 AM
Do you know if the auth is happening via a proxy?
We opened a PR that resolved a different issue that we suspect might also fix your issue. https://github.com/garden-io/garden/pull/5466 When it's merged and the edge release has been created, which should happen automatically within the next hour or so, maybe you could try and run 
garden self-update edge-bonsai
and see if that fixes your problem too. If not we'll have to debug your case in more detail next so we can also ship a fix for that with the next main release.
t

thankful-area-26035

11/21/2023, 5:10 PM
sure I'll give it a try here in a little bit. I don't believe we're using a proxy for auth. I'm looking at my kubeconfig, and each server context has a server reference pointed directly to that server. If there's something else I should look at let me know.
I upgraded to edge-bonsai, and I'm still getting the same error.
b

big-spring-14945

11/22/2023, 3:15 PM
@thankful-area-26035 thank you for checking that! Can you send us your Kubeconfig, with the sensitive values redacted?
@thankful-area-26035 does the command 
env|grep PROXY
print any environment variables on the shell you are running 
garden
commands from?
t

thankful-area-26035

11/22/2023, 3:59 PM
No results frmo the env / grep. My kubeconfig is attached. The error occurs when I try to deploy to the den1-kube-prod or dal1-kube-prod clusters. I just confirmed that I can run a deploy to my local docker-desktop cluster running 0.13.20. https://cdn.discordapp.com/attachments/1176206279438516254/1176914758805496020/kubeconfig.txt?ex=65709a48&is=655e2548&hm=4dfc4fc9acdc9f6288992ecf8ca5b474fb8488941b7466868fcce237daa49d6b&
p

polite-fountain-28010

11/23/2023, 11:03 AM
We've set up our own rancher but so far have still been unable to reproduce this on our side. @big-spring-14945 had a theory that this might also be related to SNI, which we might be able to confirm with a simple change. Could you try in your cluster config to add the key 
tls-server-name: [RANCHER PUBLIC HOST]
and see if it works afterwards with the 
edge-bonsai
version? So the config would look something like this
Copy code
apiVersion: v1
clusters:
- cluster:
    server: https://[RANCHER PUBLIC HOST]/k8s/clusters/c-q7kkb
    tls-server-name: [RANCHER PUBLIC HOST]
  name: dal1-kube-prod
Never mind, we found the actual bug. We will open a PR for this soon.
The PR is at https://github.com/garden-io/garden/pull/5476 Same procedure as last time, once the PR is merged, the fix should be on the edge release about 20 minutes later.
@thankful-area-26035 the fix has been released on 
edge-bonsai
t

thankful-area-26035

11/23/2023, 6:00 PM
Tim, I upgraded to the latest edge-bonsai and can confirm it fixed my issue. Thank you very much for the help!
p

polite-fountain-28010

11/24/2023, 3:36 PM
This has now been released as 0.13.21 so you won't have to stay on the edge release any longer πŸ™‚
Powered by