Lab 15.2 Step 15: pods is still forbidden

caishaoping

Hi There,

After rolebinding, I am still not able to "get pods", as following is show:

vagrant@master-1:~$ kubectl --context=DevDan-context get pods
Error from server (Forbidden): pods is forbidden: User "DevDan" cannot list resource "pods" in API group "" in the namespace "development"
vagrant@master-1:~$

Following is highlights of what I have done:

1. At Step 6, I am using /home/vagrant/ for DevDan.crt and DevDan.key
   kubectl config set-credentials DevDan --client-certificate=/home/vagrant/DevDan.crt --client-key=/home/vagrant/DevDan.key

vagrant@master-1:~$ ls -al /home/vagrant/DevDan*
-rw-r--r-- 1 root root 1017 Mar 12 02:12 /home/vagrant/DevDan.crt
-rw-rw-r-- 1 vagrant vagrant 915 Mar 12 02:08 /home/vagrant/DevDan.csr
-rw------- 1 vagrant vagrant 1679 Mar 12 02:04 /home/vagrant/DevDan.key
vagrant@master-1:~$

2. When looking at "developer" role, it is created:
   vagrant@master-1:~$ kubectl -n development describe role developer
   Name: developer
   Labels:
   Annotations:
   PolicyRule:
   Resources Non-Resource URLs Resource Names Verbs
   --------- ----------------- -------------- -----
   deployments [] [] [list get watch create update patch delete]
   pods [] [] [list get watch create update patch delete]
   replicasets [] [] [list get watch create update patch delete]
   deployments.apps [] [] [list get watch create update patch delete]
   pods.apps [] [] [list get watch create update patch delete]
   replicasets.apps [] [] [list get watch create update patch delete]
   deployments.extensions [] [] [list get watch create update patch delete]
   pods.extensions [] [] [list get watch create update patch delete]
   replicasets.extensions [] [] [list get watch create update patch delete]

3. when looking at rolebinding:

vagrant@master-1:~$ kubectl -n development describe rolebinding developer-role-binding
Name: developer-role-binding
Labels:
Annotations:
Role:
Kind: Role
Name: developer
Subjects:
Kind Name Namespace
---- ---- ---------
User DevVan
vagrant@master-1:~$

Did I miss any? Help Appreciated.

Regards
Shao

chrispokorni

Hi @caishaoping,

I would revisit the rolebinding definition file, and check for typos.

Regards,
-Chris

caishaoping

Hi @chrispokorni,

Indeed, there is typo on the User field in my rolebind.yaml, once corrected, all is so charming, as following.

vagrant@master-1:~$ kubectl -n development edit rolebinding developer-role-binding
rolebinding.rbac.authorization.k8s.io/developer-role-binding edited

vagrant@master-1:~$ kubectl --context=DevDan-context get pods
No resources found in development namespace.

Thank you very much
Shao