Kubernetes: cannot get path "//.well-known/openid-configuration"

24 May 2021 | #tech

I’ve been playing with using kubernetes service account JWTs to authenticate Pods. To get the cert for checking the JWT signature, I needed to hit the https://kubernetes.default.svc/.well-known/openid-configuration endpoint, however as the URL was coming from a config file it ended up being https://kubernetes.default.svc//.well-known/openid-configuration (mind the double //). This worked well locally where everything runs under the powerful default service account, but when deployed I got an error saying:

{
  "kind": "Status",
  "apiVersion": "v1",
  "metadata": {

  },
  "status": "Failure",
  "message": "forbidden: User \"system:serviceaccount:my-namespace:my-service-account\" cannot get path \"//.well-known/openid-configuration\"",
  "reason": "Forbidden",
  "details": {

  },
  "code": 403
}

The solution was to remove the second /, and hitting https://kubernetes.default.svc/.well-known/openid-configuration worked like a charm.

Googleing the error didn’t bring up anything useful, so I’m sharing it here in the hopes of saving others the debugging time.

マークン #japan | #tech | #money | #parenting ✉️Subscribe

Kubernetes: cannot get path "//.well-known/openid-configuration"

Related posts

What to check before buying a land in Tokyo 22 Apr 2024

Comparing cities to live in: Musashino vs Mitaka vs Koganei 19 Apr 2024

Tech that helped us during the first months with a newborn baby 14 Mar 2024

マークン #japan | #tech | #money | #parenting

✉️Subscribe