Welcome to the Linux Foundation Forum!

Lab 15.2 Step 15: pods is still forbidden

Hi There,

After the rolebinding, I am still not able to "get pods", as shown below:

vagrant@master-1:~$ kubectl --context=DevDan-context get pods
Error from server (Forbidden): pods is forbidden: User "DevDan" cannot list resource "pods" in API group "" in the namespace "development"
vagrant@master-1:~$

The following are highlights of what I have done:

  1. At Step 6, I am using /home/vagrant/ for DevDan.crt and DevDan.key
    kubectl config set-credentials DevDan --client-certificate=/home/vagrant/DevDan.crt --client-key=/home/vagrant/DevDan.key

vagrant@master-1:~$ ls -al /home/vagrant/DevDan*
-rw-r--r-- 1 root root 1017 Mar 12 02:12 /home/vagrant/DevDan.crt
-rw-rw-r-- 1 vagrant vagrant 915 Mar 12 02:08 /home/vagrant/DevDan.csr
-rw------- 1 vagrant vagrant 1679 Mar 12 02:04 /home/vagrant/DevDan.key
vagrant@master-1:~$

  2. When looking at the "developer" role, it is created:
    vagrant@master-1:~$ kubectl -n development describe role developer
    Name:         developer
    Labels:
    Annotations:
    PolicyRule:
      Resources               Non-Resource URLs  Resource Names  Verbs
      ---------               -----------------  --------------  -----
      deployments             []                 []              [list get watch create update patch delete]
      pods                    []                 []              [list get watch create update patch delete]
      replicasets             []                 []              [list get watch create update patch delete]
      deployments.apps        []                 []              [list get watch create update patch delete]
      pods.apps               []                 []              [list get watch create update patch delete]
      replicasets.apps        []                 []              [list get watch create update patch delete]
      deployments.extensions  []                 []              [list get watch create update patch delete]
      pods.extensions         []                 []              [list get watch create update patch delete]
      replicasets.extensions  []                 []              [list get watch create update patch delete]

  3. When looking at the rolebinding:
    vagrant@master-1:~$ kubectl -n development describe rolebinding developer-role-binding
    Name:         developer-role-binding
    Labels:
    Annotations:
    Role:
      Kind:  Role
      Name:  developer
    Subjects:
      Kind  Name    Namespace
      ----  ----    ---------
      User  DevVan
    vagrant@master-1:~$

Did I miss anything? Help appreciated.

Regards
Shao

Answers

  • Hi @caishaoping,

    I would revisit the rolebinding definition file, and check for typos.

    Regards,
    -Chris

  • Hi @chrispokorni,

    Indeed, there is a typo in the User field in my rolebind.yaml; once corrected, all is so charming, as follows.

    vagrant@master-1:~$ kubectl -n development edit rolebinding developer-role-binding
    rolebinding.rbac.authorization.k8s.io/developer-role-binding edited

    vagrant@master-1:~$ kubectl --context=DevDan-context get pods
    No resources found in development namespace.

    Thank you very much
    Shao
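
The mismatch found in this thread (binding subject "DevVan", authenticated user "DevDan") can be caught mechanically. The following is an added example, not part of the original posts or the lab material: it checks a RoleBinding's User subjects against the user name from the Forbidden error and reports look-alike names. The JSON is a constructed sample built from the `describe` output above, and `check_user_subject` is a hypothetical helper name.

```python
import difflib
import json

# Constructed sample: only the fields of the thread's RoleBinding that matter,
# shaped like `kubectl -n development get rolebinding developer-role-binding -o json`.
ROLEBINDING_JSON = """
{
  "kind": "RoleBinding",
  "metadata": {"name": "developer-role-binding", "namespace": "development"},
  "roleRef": {"apiGroup": "rbac.authorization.k8s.io", "kind": "Role", "name": "developer"},
  "subjects": [
    {"apiGroup": "rbac.authorization.k8s.io", "kind": "User", "name": "DevVan"}
  ]
}
"""


def check_user_subject(binding, user, cutoff=0.8):
    """Report whether `user` is a User subject of the binding.

    RBAC matches subject names as exact, case-sensitive strings and does not
    verify that the named user exists, so a one-letter slip silently binds the
    role to a different identity. Similar names are returned as near misses.
    Hypothetical helper: Group and ServiceAccount subjects are not evaluated.
    """
    names = [s["name"] for s in binding.get("subjects") or []
             if s.get("kind") == "User"]
    if user in names:
        return {"bound": True, "near_misses": []}
    near = [n for n in names
            if difflib.SequenceMatcher(
                None, n.casefold(), user.casefold()).ratio() >= cutoff]
    return {"bound": False, "near_misses": near}


if __name__ == "__main__":
    binding = json.loads(ROLEBINDING_JSON)
    # "DevDan" is the user named in the Forbidden error in the thread.
    result = check_user_subject(binding, "DevDan")
    if result["bound"]:
        print("DevDan is a subject of", binding["metadata"]["name"])
    else:
        print("DevDan is NOT a subject; look-alike subjects:",
              result["near_misses"])
```

On a live cluster, `kubectl -n development auth can-i list pods --as DevDan` answers the same question from the API server's point of view, provided the caller is allowed to impersonate users.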
