Ansible troubleshooting - Kubernetes K8s or OpenShift OCP 401 Unauthorized

Explore troubleshooting steps for Kubernetes 401 Unauthorized errors in Ansible when interacting with Kubernetes or OpenShift clusters.

Ansible troubleshooting - Kubernetes K8s/OpenShift OCP 401 Unauthorized

Today we're going to talk about Ansible troubleshooting, specifically about the "Kubernetes 401 Unauthorized" message.

This fatal error message happens when we are trying to execute some code against your Kubernetes K8s or OpenShift OCP cluster without any authentication tokens.

These circumstances are usually related to Kubernetes K8s or OpenShift OCP authentication and usually are not related to Ansible Playbook or Ansible configuration.

I'm Luca Berton and welcome to today's episode of Ansible Pilot.

Playbook

How to reproduce, troubleshoot, and fix the error:

"Kubernetes 401 Unauthorized".

The best way of talking about Ansible troubleshooting is to jump in a live Playbook to show you practically the "Kubernetes 401 Unauthorized" and how to solve it!

This Playbook is going to try to create an "example" namespace in a Kubernetes/OpenShift cluster.

Ansible Playbook code

``yaml


---
name: k8s Playbook
  hosts: localhost
  gather_facts: false
  connection: local
  vars:
    myproject: "example"
  tasks:
    - name: create {{ myproject }} namespace
      kubernetes.core.k8s:
        api_version: v1
        kind: Namespace
        name: "{{ myproject }}"
        state: present



error execution

`bash


ansible-pilot $ ansible-playbook kubernetes/namespace.yml 
[WARNING]: No inventory was parsed, only implicit localhost is available
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit
localhost does not match 'all'
PLAY [k8s Playbook] *
TASK [create example namespace] *
fatal: [localhost]: FAILED! => {"changed": false, "error": 401, "msg": "Namespace example: Failed to retrieve requested object: b'{\"kind\":\"Status\",\"apiVersion\":\"v1\",\"metadata\":{},\"status\":\"Failure\",\"message\":\"Unauthorized\",\"reason\":\"Unauthorized\",\"code\":401}\\n'", "reason": "Unauthorized", "status": 401}
PLAY RECAP **
localhost                  : ok=0    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0
ansible-pilot $



troubleshooting

``bash

ansible-pilot $ oc get namespace

error: You must be logged in to the server (Unauthorized)

ansible-pilot $ crc status

CRC VM: Running

OpenShift: Running (v4.9.15)

Disk Usage: 18.27GB of 32.74GB (Inside the CRC VM)

Cache Usage: 12.79GB

Cache Directory: /Users/lberton/.crc/cache

ansible-pilot $ crc start

WARN A new version (2.0.1) has been published on https://developers.redhat.com/content-gateway/file/pub/openshift-v4/clients/crc/2.0.1/crc-macos-amd64.pkg

INFO A CodeReady Containers VM for OpenShift 4.9.15 is already running

Started the OpenShift cluster.

The server is accessible via web console