i have set context and kubeconfig file correctly but getting below error on running
k get pods
:
Error from server (Forbidden): pods is forbidden: User "martin" cannot list resource "pods" in API group "" in the namespace "default"
How to solve this?
You’re not checking in the correct namespace
I am still getting the error. I ran below commands:
controlplane ~ âžś kubectl config set-credentials martin --client-certificate ./martin.crt --client-key ./martin.key
User “martin” set.controlplane ~ ➜ kubectl config set-context developer --cluster kubernetes --user martin --namespace=development
Context “developer” modified.controlplane ~ ➜ kubectl config use-context developer
Switched to context “developer”.controlplane ~ ➜ k config use-context developer
Switched to context “developer”.controlplane ~ ➜ k config get-contexts
CURRENT NAME CLUSTER AUTHINFO NAMESPACE
developer kubernetes martin development kubernetes-admin@kubernetes kubernetes kubernetes-admincontrolplane ~ âžś k get po -n development
Error from server (Forbidden): pods is forbidden: User “martin” cannot list resource “pods” in API group “” in the namespace “development”controlplane ~
k get po
Error from server (Forbidden): pods is forbidden: User “martin” cannot list resource “pods” in API group “” in the namespace “development”controlplane ~
Error from server (Forbidden): pods is forbidden: User “martin” cannot list resource “pods” in API group “” in the namespace “development”
Am i doing anything wrong here?
Hi team,
can anyone check on this?
Hi @uzmashafi061,
Please perform these steps at last.
The following user doesn’t have sufficient permissions to list the resources.
Regards,
and how did u know that we have to perform these steps at last?
What @Tej-Singh-Rana mean is that do the test k get po with developer context after ALL tasks, including creating role and rolebinding.
There are 2 (could be more) possible explanations for your error below,
Error from server (Forbidden): pods is forbidden: User “martin” cannot list resource “pods” in API group “” in the namespace “development”
Explanation 1) you have yet to create role and rolebinding and you do a k get po with developer context
Explanation 2) your role is incorrect. (assuming you did create correct rolebinding?)
controlplane ~ âžś k config get-contexts
CURRENT NAME CLUSTER AUTHINFO NAMESPACE
* developer kubernetes martin development
kubernetes-admin@kubernetes kubernetes kubernetes-admin
controlplane ~ âžś k get po
NAME READY STATUS RESTARTS AGE
jekyll 1/1 Running 0 7m9s
controlplane ~ âžś k config use-context kubernetes-admin@kubernetes
Switched to context "kubernetes-admin@kubernetes".
controlplane ~ âžś k -n development get role,rolebinding
NAME CREATED AT
role.rbac.authorization.k8s.io/developer-role 2023-09-06T12:39:37Z
NAME ROLE AGE
rolebinding.rbac.authorization.k8s.io/developer-rolebinding Role/developer-role 3m13s
controlplane ~ âžś k -n development get role developer-role -oyaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"rbac.authorization.k8s.io/v1","kind":"Role","metadata":{"annotations":{},"creationTimestamp":null,"name":"developer-role","namespace":"development"},"rules":[{"apiGroups":[""],"resources":["services","persistentvolumeclaims","pods"],"verbs":["*"]}]}
creationTimestamp: "2023-09-06T12:39:37Z"
name: developer-role
namespace: development
resourceVersion: "1429"
uid: 633d910a-96ea-4bc0-977e-97a53e3e0881
rules:
- apiGroups:
- ""
resources:
- services
- persistentvolumeclaims
- pods
verbs:
- '*'
controlplane ~ âžś