Red Hat Developer Hub Bugs / RHDHBUGS-2563

E2E tests leak Kubernetes bearer token in CI logs


    • Type: Bug
    • Resolution: Done
    • Priority: Critical
    • Versions: 1.9.0, 1.10.0
    • Component: Test Framework
    • RHDH Install 3286

      Description of problem:

      When Kubernetes API errors occur during E2E tests, the full error object from @kubernetes/client-node is logged to the console. This error object contains the complete HTTP request/response, including the Authorization header with the bearer token. This causes sensitive credentials to be exposed in CI logs.

      Prerequisites (if any, like setup, operators/versions):

      • E2E tests running against a Kubernetes cluster
      • Any test that triggers a Kubernetes API error (e.g., namespace deletion, resource not found)

      Steps to Reproduce

      1. Run E2E tests that interact with Kubernetes API (e.g., kubernetes-actions.spec.ts)
      2. Trigger an error condition (e.g., delete a namespace that doesn't exist)
      3. Check CI logs

      Actual results:

      The full error object is logged, including:

      Authorization: Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6...
      

      This exposes the Kubernetes service account token in CI logs. Anyone who can read those logs can present the token to the API server with the test account's permissions until it is rotated or revoked.

      Expected results:

      Error messages should only contain safe information like error message, reason, and status code - never the full HTTP request with Authorization headers.

      Reproducibility (Always/Intermittent/Only Once):

      Always - whenever a Kubernetes API error is logged in kube-client.ts

      Build Details:

      All versions using e2e-tests/playwright/utils/kube-client.ts

      Additional info (Such as Logs, Screenshots, etc):

      Fix PR: https://github.com/redhat-developer/rhdh/pull/4103

      The fix adds a getKubeApiErrorMessage() helper function that safely extracts only non-sensitive information from Kubernetes API errors:

      • body.message, body.reason, body.code (standard K8s API error fields)
      • HTTP status code and message as fallback
      • Generic error message as last resort
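      One way to implement the three-level fallback described above, as an added example that is not the fix PR's own code: the error shape it reads (body, statusCode and response fields, with the Authorization header under response.request.headers) is an assumption modelled on what @kubernetes/client-node errors carry, so it is duck-typed rather than imported, and the 404 error object is constructed inline with a fake token.

```typescript
// Added example (not the rhdh project's own code): a redacting formatter
// for Kubernetes API errors. The error shape read here is an assumption
// modelled on @kubernetes/client-node's HttpError, so it is duck-typed.

// Subset of the Kubernetes Status object returned in error response bodies.
interface K8sStatusBody {
  kind?: string;
  message?: string;
  reason?: string;
  code?: number;
}

// Fields a client error may carry. `response` holds the full HTTP exchange,
// including the bearer token; it is read only for the status line.
interface KubeApiErrorLike {
  message?: string;
  body?: K8sStatusBody | string;
  statusCode?: number;
  response?: {
    statusCode?: number;
    statusMessage?: string;
    request?: { headers?: Record<string, string> };
  };
}

function safeParse(text: string): K8sStatusBody | undefined {
  try {
    const parsed: unknown = JSON.parse(text);
    return parsed && typeof parsed === 'object' ? (parsed as K8sStatusBody) : undefined;
  } catch {
    return undefined;
  }
}

// Level 1: standard Status fields (message, reason, code) from the body.
function formatStatus(body: K8sStatusBody): string | undefined {
  const details: string[] = [];
  if (body.reason) details.push(`reason=${body.reason}`);
  if (body.code !== undefined) details.push(`code=${body.code}`);
  const head = body.message ?? (details.length ? 'Kubernetes API error' : undefined);
  if (!head) return undefined;
  return details.length ? `${head} (${details.join(', ')})` : head;
}

// Returns a log-safe message: never the request object, never its headers.
function getKubeApiErrorMessage(err: unknown): string {
  if (err && typeof err === 'object') {
    const e = err as KubeApiErrorLike;
    const body = typeof e.body === 'string' ? safeParse(e.body) : e.body;
    if (body) {
      const fromStatus = formatStatus(body);
      if (fromStatus) return fromStatus;
    }
    // Level 2: HTTP status code and reason phrase.
    const status = e.statusCode ?? e.response?.statusCode;
    if (status !== undefined) {
      const text = e.response?.statusMessage ? ` ${e.response.statusMessage}` : '';
      return `HTTP ${status}${text}`;
    }
    // Level 3: whatever message a plain Error carries.
    if (err instanceof Error && err.message) return err.message;
  }
  return 'Unknown Kubernetes API error';
}

// The old behaviour, reduced to its essence: serialising the whole error
// object puts every header into the log line.
function leaksToken(err: unknown, token: string): boolean {
  return (JSON.stringify(err) ?? '').includes(token);
}

// Constructed sample, not a captured error: a 404 from deleting a namespace
// that does not exist, carrying a fake bearer token in the request headers.
const SAMPLE_TOKEN = 'eyJhbGciOiJSUzI1NiIsImtpZCI6IkZBS0UifQ.FAKE.FAKE';

function makeSampleNotFoundError(): KubeApiErrorLike {
  return {
    message: 'HTTP request failed',
    statusCode: 404,
    body: { kind: 'Status', message: 'namespaces "ghost" not found', reason: 'NotFound', code: 404 },
    response: {
      statusCode: 404,
      statusMessage: 'Not Found',
      request: { headers: { Authorization: `Bearer ${SAMPLE_TOKEN}` } },
    },
  };
}
```

      Callers log getKubeApiErrorMessage(err) instead of err; the body is parsed defensively because some client versions deliver it as a raw string, and a non-JSON body falls through to the HTTP status rather than throwing inside the error handler.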

              Assignee, Reporter: Zbynek Drapela (zdrapela@redhat.com)
              RHDH Install