Stuck on an issue?
Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
The request failed with unexpected status code 'Forbidden' when connecting to AKS (dev spaces)
See original GitHub issuehi,
- I’m running VS 2017 15.9.3 Preview 1.0.
- I’m have installed the VS Kubernetes Tools.
- I’ve deployed an ASPnet core 2.2 mvc app.
I’ve seen this issue: tintoy/dotnet-kube-client#20
However, my issue is slightly different. I create an AKS, and get Azure dev spaces installed. I then deploy a a mvc web project to it using VS 2017.
This is the code I’m using to read my secrets with kube-client.
public static IWebHostBuilder CreateWebHostBuilder(string[] args) =>
WebHost.CreateDefaultBuilder(args)
.UseApplicationInsights()
.ConfigureAppConfiguration(
configuration => GetConfigurationBuilder(configuration)
)
.UseStartup<Startup>()
.UseSetting(WebHostDefaults.ApplicationKey, typeof(Program).GetTypeInfo().Assembly.FullName); // beware of this
private static IConfigurationBuilder GetConfigurationBuilder(IConfigurationBuilder configuration)
{
if (Hosted.ByKubernetes)
{
_isConfiguredKubernetes = true;
return configuration.AddKubeSecret(secretName: DbConnectionString,
clientOptions: KubeClientOptions.FromPodServiceAccount(),
kubeNamespace: "default",
reloadOnChange: true
);
}
_isConfiguredKubernetes = false;
return configuration;
}
this code runs. however, the exception then occurs on this line:
var host = CreateWebHostBuilder(args).Build();
Here’s the exception log:
Exception thrown: 'HTTPlease.HttpRequestException`1' in System.Private.CoreLib.dll: 'The request failed with unexpected status code 'Forbidden'.'
Stack trace:
> at HTTPlease.FormatterResponseExtensions.<ReadContentAsAsync>d__15`2.MoveNext()
> at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
> at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
> at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1.ConfiguredTaskAwaiter.GetResult()
> at KubeClient.ResourceClients.KubeResourceClient.<GetSingleResource>d__18`1.MoveNext()
> at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
> at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
> at System.Runtime.CompilerServices.TaskAwaiter`1.GetResult()
> at KubeClient.ResourceClients.SecretClientV1.<Get>d__1.MoveNext()
> at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
> at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
> at System.Runtime.CompilerServices.TaskAwaiter`1.GetResult()
> at KubeClient.Extensions.Configuration.SecretConfigurationProvider.Load()
> at Microsoft.Extensions.Configuration.ConfigurationRoot..ctor(IList`1 providers)
> at Microsoft.Extensions.Configuration.ConfigurationBuilder.Build()
> at Microsoft.AspNetCore.Hosting.WebHostBuilder.BuildCommonServices(AggregateException& hostingStartupErrors)
> at Microsoft.AspNetCore.Hosting.WebHostBuilder.Build()
> at Application.Web.Program.Main(String[] args) in /src/application.web/Program.cs:line 25
I have previously created a secret on the AKS with the following command:
kubectl create secret generic application-web-appsettings "--from-literal=DBConnectionString='sql connection string'" -o json
I have verified that the secret exists
Issue Analytics
- State:
- Created 5 years ago
- Comments:15 (9 by maintainers)
Top Results From Across the Web
Can't pull images from Azure Container Registry to ...
Cause 3: 403 Forbidden error · Solution 1: Ensure AKS virtual network link is set in the container registry's Private DNS zone ·...
Read more >403 Forbidden Error when using Azure AD for authentication
Hi, I am hosting Jupyterhub on an AKS instance, using helm charts and using Azure AD to authenticate the org users.
Read more >Troubleshoot Azure Key Vault Provider for Secrets Store ...
Cause 1: "Failed to get key vault token... nmi response failed with status code: 404" error ... This error occurs because a Node...
Read more >Docker build / docker compose up error: Unknown desc = ...
When building a container (through docker build, docker run or docker-compose) using NVIDIA containers, I get the following error, somewhat ...
Read more >AKS (Kubernetes) Virtual Kubelet + Azure Dev Spaces
Recent updates to the Azure Kubernetes Service ( AKS ) for developers and ops. Join, Program Manager for Azure Kubernetes Service, ...
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
(so you don’t need to use the client directly, just put the
try/catchin yourMainmethod)thanks for this. I think as you describe the issue is permissions related and I was making the call anyway by trying to use the wrong secret name.