In this topic, I want to address a problem that can occur when using the Harness platform to deploy to a Kubernetes cluster.
In this scenario, a new K8s connector was created using the ‘Specify master URL and credentials’ authentication option with a ‘Service Account Token’
The ‘Service Account Token’ was collected from the cluster based on our documentation:
But when using the script to obtain the token, I have not decoded the token from base64.
Before creating a Harness Secret with my base64 token to finish my connector creation, I pasted the token into a text editor with a new empty line before the token.
When creating the new secret in Harness to use our token to use it in the K8s connection
Cluster Connector, I select everything in my text editor (the first blank line and my encoded token) and add it to the value field and save my secret:
Now everything is configured, let’s save our connector and use it for a deployment!
As we didn’t decode the base64 token, authentication with the configured Cluster API server doesn’t work, and that’s why we’ll see the 403 during the execution of our pipeline.
This is not a Harness issue. For some reason, the K8S API Server is considering that double encoded and with whitespace token a valid one and making the Connector Connection Test work.
To fix this, we need the decoded toke and remove the extra whitespace. Harness doesn’t do any further processing while using the secret. We get its value from Secret Manager and use it when calling the APIs, so as soon as the token value is fixed, everything should work fine from now on.