Reputation: 219
Forbidden error while retrieving details of cluster using <publicServiceEndpointURL> with REST kubernetes API
Trying to retrieve details of the kubernetes cluster like namespaces and pod details using kubernetes API following doc
API:
<publicServiceEndpointURL>/api/v1/namespaces
Headers:
Authorization: bearer <id_token>
<id_token> - An IAM token generated.
will get an certificate error on postman with SSL certificate enabled else throwing 403 Forbidden error
Error: unable to verify the first certificate
Result with disabling SSL certificate verification.
{
"kind": "Status",
"apiVersion": "v1",
"metadata": {},
"status": "Failure",
"message": "namespaces is forbidden: User \"system:anonymous\" cannot list resource \"namespaces\" in API group \"\" at the cluster scope",
"reason": "Forbidden",
"details": {
"kind": "namespaces"
},
"code": 403
}
Tried with curl and will result in same error
curl -k <publicServiceEndpointURL>/api/v1/namespaces -H "Authorization: Bearer <token>"
Error on chrome with API call
net::ERR_CERT_AUTHORITY_INVALID
How will i able to access this API?
Upvotes: 0
Views: 693
Answers (1)
Reputation: 37
Do you have the right permissions to list namespaces in the cluster? If you log in as the same user via the CLI, for example, can you run kubectl get namespaces? It looks like a permissions error. The user would need IBM Cloud IAM Reader service role (which gives you RBAC view role) for all namespaces in the cluster.
Upvotes: 0
Related Questions
- Kubernetes Java Client API Exception
- Unable to register node "node-name" with API server: Unauthorized
- Kubernetes unable to query kubernetes secret using API
- Accessing the cluster application using api server address on AKS
- API of Kubernetes in java: authentication error
- Can't access the Kubernetes apiserver from within a pod
- How to Access rest api (deployed in k8 cluster) via service name
- Kubernetes REST API
- Accessing the Kubernetes REST end points using bearer token
- How to create Kubernetes cluster on IBM Cloud with service ID?