Git backend configuration not updating in Spring Cloud config service

I have a Spring Cloud configuration service running on OpenShift that uses a Git repository as its backend storage. Every time I make changes to configuration properties in the Git repo, I encounter a permission error.

The error shows that the service account lacks proper Kubernetes permissions:

2019-12-25 08:15:22.445  WARN 1 --- [nio-8080-exec-2] o.s.cloud.kubernetes.StandardPodUtils    : Cannot retrieve pod information for:[app-config-45-xyz89]. Check if required serviceaccount permissions are configured properly.

io.fabric8.kubernetes.client.KubernetesClientException: Request failed: GET at: https://kubernetes.default.svc/api/v1/namespaces/dev-env/pods/app-config-45-xyz89. Message: Access Denied! Service account permissions insufficient. pods "config-service-45-xyz89" is forbidden: User "system:serviceaccount:dev-env:default" cannot access resource "pods" in API group "" in the namespace "dev-env".
    at io.fabric8.kubernetes.client.dsl.base.OperationSupport.requestFailure(OperationSupport.java:485) ~[kubernetes-client-3.1.10.jar!/:na]
    at io.fabric8.kubernetes.client.dsl.base.OperationSupport.assertResponseCode(OperationSupport.java:421) ~[kubernetes-client-3.1.10.jar!/:na]

How can I fix these service account permissions so my config server can properly fetch updates from the Git backend?

Had the same problem before. Just make a new ServiceAccount with the right RBAC settings and avoid the default. Give it ‘get’ and ‘list’ access for pods in your namespace, then link it in your deployment YAML.
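A manifest for the dedicated-ServiceAccount approach, as an added example that is not part of the original replies. It uses a namespaced Role, which covers the denied request in the log (GET on pods in dev-env) without granting cluster-wide access. The names config-server and pod-reader are assumptions; only the namespace dev-env comes from the question.

```yaml
# Dedicated identity for the config server, so the shared "default"
# service account in dev-env does not gain extra permissions.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: config-server        # assumed name
  namespace: dev-env
---
# Read-only access to pods, limited to this namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pod-reader           # assumed name
  namespace: dev-env
rules:
  - apiGroups: [""]          # "" is the core API group, where pods live
    resources: ["pods"]
    verbs: ["get", "list"]
---
# Bind the Role to the new service account only.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: config-server-pod-reader   # assumed name
  namespace: dev-env
subjects:
  - kind: ServiceAccount
    name: config-server
    namespace: dev-env
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: pod-reader
# Link it in the workload's pod template:
#   spec.template.spec.serviceAccountName: config-server
# Check the result before redeploying:
#   oc auth can-i get pods -n dev-env \
#     --as=system:serviceaccount:dev-env:config-server
```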

Your Spring Cloud Config server may be attempting to use Kubernetes service discovery instead of solely integrating with Git. The fabric8 Kubernetes client cannot retrieve pod metadata due to insufficient permissions. You have two potential solutions: either establish a ClusterRole that grants ‘get’ and ‘list’ permissions for pods and associate it with your service account through a ClusterRoleBinding, or completely disable the Kubernetes features by including spring.cloud.kubernetes.enabled=false in your application properties if Kubernetes integration is not necessary. I faced a similar challenge when migrating config servers to OpenShift, as Kubernetes integration was enabled by default despite only requiring Git functionality.

Interesting issue! Are you using Kubernetes discovery in Spring Cloud Config? That’s probably why it’s trying to access pod info. Try disabling it with spring.cloud.kubernetes.discovery.enabled=false and see if the git backend works without K8s integration. Curious what happens!