Error from server (Forbidden): pods is forbidden: User cannot list resource "pods" in API group at the cluster scope

Question

My private AKS cluster is accessible only to the root user using kubectl on a jumphost. But for a non-root user it throws the error message below:

someuser@jump-vm$ kubectl get pods -A
Error from server (Forbidden): pods is forbidden: User "XX-XX-XX-XX-XX" cannot list resource "XX" in API group " " at the cluster scope

How do I resolve this error?

Answer 1

Score: 1

In this case the solution was to delete the old config from $HOME/.kube/ and re-initialize it after az login with the user in question.

Answer 2

Score: 1

It seems the Azure VM from which the private AKS cluster was being accessed was set to automatic restart, which caused some issue with kubectl or kubelogin.

I followed the steps below for both the root and the non-root user, and afterwards kubectl worked successfully.

root@jump-vm# cd ~ && cd .kube/
root@jump-vm# rm -r cache && rm config
root@jump-vm# az login --tenant <tenant-id>
root@jump-vm# az account set --subscription <subscription-id>
root@jump-vm# az aks get-credentials --resource-group <resource-group-name> --name <aks-cluster-name>
root@jump-vm# kubelogin convert-kubeconfig -l azurecli

someuser@jump-vm$ cd ~ && cd .kube/
someuser@jump-vm$ rm -r cache && rm config
someuser@jump-vm$ az login --tenant <tenant-id>
someuser@jump-vm$ az account set --subscription <subscription-id>
someuser@jump-vm$ az aks get-credentials --resource-group <resource-group-name> --name <aks-cluster-name>
someuser@jump-vm$ kubelogin convert-kubeconfig -l azurecli
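
A read-only check that each account on the jump host can run after the steps above, to confirm its own kubeconfig was regenerated and converted. This is an added example, not part of the original answers. It assumes the converted kubeconfig records the login mode as a `--login azurecli` (or `-l`) item in the kubelogin exec args; the function names and the sample file are hypothetical.

```shell
#!/bin/sh
# Added example: read-only checks on one user's kubeconfig.

# Print the value following --login / -l in the kubelogin exec args,
# or "none" when the file has no such argument.
kubelogin_mode() {
    awk '
        want { sub(/^[ \t]*-[ \t]*/, ""); print; found = 1; exit }
        /^[ \t]*-[ \t]*(--login|-l)[ \t]*$/ { want = 1 }
        END { if (!found) print "none" }
    ' "$1"
}

# Succeed only if the file belongs to the calling user and grants nothing
# to group or others (a kubeconfig carries cluster access details).
kubeconfig_private() {
    meta=$(ls -ln "$1") || return 1
    perm=$(printf '%s\n' "$meta" | awk '{ print substr($1, 5, 6) }')
    owner=$(printf '%s\n' "$meta" | awk '{ print $3 }')
    [ "$perm" = "------" ] && [ "$owner" = "$(id -u)" ]
}

# One-word verdict for a kubeconfig path (default: $HOME/.kube/config).
check_kubeconfig() {
    cfg=${1:-$HOME/.kube/config}
    [ -f "$cfg" ] || { echo "MISSING"; return 0; }
    kubeconfig_private "$cfg" || { echo "LOOSE_PERMS"; return 0; }
    login=$(kubelogin_mode "$cfg")
    if [ "$login" = "azurecli" ]; then echo "OK"; else echo "LOGIN_MODE:$login"; fi
}

# Constructed sample (not a real cluster): the exec stanza of a user entry.
write_sample() {  # usage: write_sample PATH LOGIN_MODE
    cat > "$1" <<EOF
users:
- name: clusterUser_example
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1beta1
      args:
      - get-token
      - --login
      - $2
      command: kubelogin
EOF
}
```

Calling `check_kubeconfig` with no argument inspects the current user's `$HOME/.kube/config`; any verdict other than `OK` means that account should repeat the steps above under its own login.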

huangapple
  • This article was posted on February 14, 2023 at 20:26:42
  • When reposting, please keep the link to this article: https://go.coder-hub.com/75447815.html