英文:
Error from server (Forbidden): pods is forbidden: User cannot list resource "pods" in API group at the cluster scope
问题
我的私有 AKS 集群只允许 root 用户在跳板主机上使用 kubectl
访问。但对于非 root 用户,会出现以下错误信息:
someuser@jump-vm$ kubectl get pods -A
Error from server (Forbidden): pods is forbidden: User "XX-XX-XX-XX-XX" cannot list resource "XX" in API group "" at the cluster scope
如何解决这个错误?
英文:
My private AKS Cluster is accessible only to the root user using kubectl
on a jumphost. But for a non-root user it throws below error message:
someuser@jump-vm$ kubectl get pods -A
Error from server (Forbidden): pods is forbidden: User "XX-XX-XX-XX-XX" cannot list resource "XX" in API group " " at the cluster scope
How to resolve this error?
答案1
得分: 1
解决方法是从$HOME/.kube/
中删除旧的配置,然后在使用相关用户登录后重新初始化它。
英文:
in this case solution was to delete the old config from $HOME/.kube/
and re-initialize it after az login
with the user in question
答案2
得分: 1
以下是您要翻译的内容:
" It seems the Azure VM from the private AKS cluster was being accessed was set to automatic restart which caused some issue with kubectl
or kubelogin
.
I followed below steps for both -- root as well as non-root user and after kubectl
worked successfully.
root@jump-vm# cd ~ && cd .kube/
root@jump-vm# rm -r cache && rm config
root@jump-vm# az login --tenant <tenant-id>
root@jump-vm# az account set --subscription <subscription-id>
root@jump-vm# az aks get-credentials --resource-group <resource-group-name> --name <aks-clutser-name>
root@jump-vm# kubelogin convert-kubeconfig -l azurecli
someuser@jump-vm$ cd ~ && cd .kube/
someuser@jump-vm$ rm -r cache && rm config
someuser@jump-vm$ az login --tenant <tenant-id>
someuser@jump-vm$ az account set --subscription <subscription-id>
someuser@jump-vm$ az aks get-credentials --resource-group <resource-group-name> --name <aks-clutser-name>
someuser@jump-vm$ kubelogin convert-kubeconfig -l azurecli
请注意,其中的&
实际上应该是&&
,<tenant-id>
,<subscription-id>
,<resource-group-name>
和<aks-cluster-name>
应替换为实际的值。
英文:
It seems the Azure VM from the private AKS cluster was being accessed was set to automatic restart which caused some issue with kubectl
or kubelogin
.
I followed below steps for both -- root as well as non-root user and after kubectl
worked successfully.
root@jump-vm# cd ~ && cd .kube/
root@jump-vm# rm -r cache && rm config
root@jump-vm# az login --tenant <tenant-id>
root@jump-vm# az account set --subscription <subscription-id>
root@jump-vm# az aks get-credentials --resource-group <resource-group-name> --name <aks-clutser-name>
root@jump-vm# kubelogin convert-kubeconfig -l azurecli
someuser@jump-vm$ cd ~ && cd .kube/
someuser@jump-vm$ rm -r cache && rm config
someuser@jump-vm$ az login --tenant <tenant-id>
someuser@jump-vm$ az account set --subscription <subscription-id>
someuser@jump-vm$ az aks get-credentials --resource-group <resource-group-name> --name <aks-clutser-name>
someuser@jump-vm$ kubelogin convert-kubeconfig -l azurecli
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论