Description of problem: --- - oadm diagnostics produces error DCli0013 or DCli0014 when /root/.kube/config contains non-system:admin context Version-Release number of selected component (if applicable): --- - OCP 3.3.11 Steps to Reproduce: ---- 1. switch root user # su - 2. "oc login" with non-system admin. # oc login Authentication required for https://knakayam-ose33-lb1.example.com:8443 (openshift) Username: test Password: 3. 2. will write test user's context in .kube/config ~~~ - context: cluster: knakayam-ose33-lb1-example-com:8443 user: test/knakayam-ose33-lb1-example-com:8443 name: /knakayam-ose33-lb1-example-com:8443/test ~~~ 4. oc logout and oc l Actual results: --- - "oadm diagnostics" produce the error. ... ERROR: [DCli0013 from diagnostic ConfigContexts@openshift/origin/pkg/diagnostics/client/config_contexts.go:285] For client config context '/knakayam-ose33-lb1-example-com:8443/test': The server URL is 'https://knakayam-ose33-lb1.example.com:8443' The user authentication is 'test/knakayam-ose33-lb1-example-com:8443' The current project is 'default' (*errors.StatusError) User "system:anonymous" cannot list all projects in the cluster This means that when we tried to make a request to the master API server, your kubeconfig did not present valid credentials to authenticate your client. Credentials generally consist of a client key/certificate or an access token. Your kubeconfig may not have presented any, or they may be invalid. ... Expected results: --- - oadm diagnostics doesn't produce this error Additional info: --- - For DCli0014, I attached the /root/.kube/config in private.
I'm sorry, there are some typos.. **correct** Version-Release number of selected component (if applicable): --- - OCP 3.3.1.11 Steps to Reproduce: ---- 4. Logout non-admin user and login with system:admin # oc logout # oc login -u system:admin 5. Run oadm diagnostics
Luke, could you help have a look at this, please?
I met this issue. I just share my simple workaround here. You just delete the regular user context from '~/.kube/config' before executing "oc adm diagnostics". If the "admin" is regular account, we should delete the one for success of diagnostics. ~~~ # oc config get-contexts CURRENT NAME CLUSTER AUTHINFO NAMESPACE default/master1-example-com:8443/admin master1-example-com:8443 admin/master1-example-com:8443 default * default/master1-example-com:8443/system:admin master1-example-com:8443 system:admin/master1-example-com:8443 default ~~~ Just delete the context, after backup the '~/.kube/config' file. ~~~ # oc config delete-context default/master1-example-com:8443/admin deleted context default/master1-example-com:8443/admin from /root/.kube/config # oc config get-contexts CURRENT NAME CLUSTER AUTHINFO NAMESPACE * default/master1-example-com:8443/system:admin master1-example-com:8443 system:admin/master1-example-com:8443 default ~~~ I verified disappearing the error when executing the 'oc adm diagnostics ConfigContext'.