PranitaT

Reputation: 1

Not able to fetch namespace, nodes & pods data from Alibaba cluster

I have created a cluster on Alibaba.

I need to fetch cluster data in the Golang project.

Getting the below error from the API:

{
  "Code": 403,
  "Message": "namespaces is forbidden: User \"281247226166595041\" cannot list resource \"namespaces\" in API group \"\" at the cluster scope"
}

Tried accessing it via kubectl:

$ kubectl get namespace
Error from server (Forbidden): namespaces is forbidden: User "225396037912844073" cannot list resource "namespaces" in API group "" at the cluster scope

Not able to fetch data for a cluster created by another user.

Please help me with this issue.

Upvotes: 0

Views: 705

Answers (1)

Harsh Manvar

Reputation: 30113

That's an issue of authentication.

Your user doesn't have access to list that namespace.

You need to update the RBAC or user access, or however you are authenticating the Go client into Kubernetes.

If you are using the service account to give access, check the RBAC.

Give the service account cluster-admin access:

---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: <new-account-name>
  namespace: <namespace>

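---
# rbac.authorization.k8s.io/v1beta1 was removed in Kubernetes 1.22; use v1
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: go-rbac
subjects:
  # the subject must be the service account the Go client runs as
  - kind: ServiceAccount
    name: default
    namespace: default
roleRef:
  # cluster-admin grants full access to every resource in the cluster
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io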

kubectl apply -f .yaml

If you are running outside the cluster, make sure your script is pointing to the correct kubeconfig:

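package main

import (
    "context"
    "fmt"

    metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
    "k8s.io/client-go/kubernetes"
    "k8s.io/client-go/tools/clientcmd"
)

func main() {
    // replace with the path to your kubeconfig file
    kubeconfig := "<kube-config-path>"

    // builds the config from the kubeconfig file
    config, err := clientcmd.BuildConfigFromFlags("", kubeconfig)
    if err != nil {
        panic(err.Error())
    }

    // creates the clientset
    c, err := kubernetes.NewForConfig(config)
    if err != nil {
        panic(err.Error())
    }

    // lists namespaces; returns a Forbidden error if the kubeconfig user
    // has no RBAC permission for this request
    namespaces, err := c.CoreV1().Namespaces().List(context.TODO(), metav1.ListOptions{})
    if err != nil {
        panic(err.Error())
    }
    fmt.Printf("There are %d namespaces in the cluster\n", len(namespaces.Items))
}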

Running inside the cluster:

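package main

import (
    "context"
    "fmt"

    "k8s.io/apimachinery/pkg/api/errors"
    metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
    "k8s.io/client-go/kubernetes"
    "k8s.io/client-go/rest"
    //
    // Uncomment to load all auth plugins
    // _ "k8s.io/client-go/plugin/pkg/client/auth"
    //
    // Or uncomment to load specific auth plugins
    // _ "k8s.io/client-go/plugin/pkg/client/auth/azure"
    // _ "k8s.io/client-go/plugin/pkg/client/auth/gcp"
    // _ "k8s.io/client-go/plugin/pkg/client/auth/oidc"
    // _ "k8s.io/client-go/plugin/pkg/client/auth/openstack"
)

func main() {
    // creates the in-cluster config
    config, err := rest.InClusterConfig()
    if err != nil {
        panic(err.Error())
    }
    // creates the clientset
    clientset, err := kubernetes.NewForConfig(config)
    if err != nil {
        panic(err.Error())
    }
    // lists namespaces; a Forbidden error means the pod's service account
    // has no RBAC permission for this request
    namespaces, err := clientset.CoreV1().Namespaces().List(context.TODO(), metav1.ListOptions{})
    if errors.IsForbidden(err) {
        fmt.Printf("Access denied by RBAC: %v\n", err)
        return
    } else if err != nil {
        panic(err.Error())
    }
    fmt.Printf("There are %d namespaces in the cluster\n", len(namespaces.Items))
}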

Example: https://github.com/kubernetes/client-go/blob/master/examples/in-cluster-client-configuration/main.go

Upvotes: 0
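Added example, not part of the original answer: a narrower alternative to binding cluster-admin is to grant only the verb and resource named in the Forbidden message. The sketch below parses that message and renders a matching role and binding for the denied user; the names ParseDenial, MinimalRBAC and list-namespaces are hypothetical, and it assumes the subject can be bound as kind User under the name the API server reported.

```go
package main

import (
	"fmt"
	"regexp"
)

// Denial is one parsed RBAC denial; Namespace is empty at cluster scope.
type Denial struct{ User, Verb, Resource, APIGroup, Namespace string }

// denialRe matches the API server's "forbidden" text shown in the question.
var denialRe = regexp.MustCompile(`User "([^"]+)" cannot (\w+) resource "([^"]+)" in API group "([^"]*)" (?:at the cluster scope|in the namespace "([^"]+)")`)

// ParseDenial extracts who was denied which verb on which resource.
func ParseDenial(msg string) (Denial, bool) {
	if m := denialRe.FindStringSubmatch(msg); m != nil {
		return Denial{m[1], m[2], m[3], m[4], m[5]}, true
	}
	return Denial{}, false
}

// MinimalRBAC renders a role for only the denied verb and resource, bound to the denied user.
func MinimalRBAC(d Denial, name string) string {
	kind, ns := "ClusterRole", ""
	if d.Namespace != "" {
		kind, ns = "Role", ", namespace: "+d.Namespace
	}
	const tmpl = `apiVersion: rbac.authorization.k8s.io/v1
kind: %[1]s
metadata: {name: %[2]s%[3]s}
rules:
  - {apiGroups: [%[4]q], resources: [%[5]q], verbs: [%[6]q]}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: %[1]sBinding
metadata: {name: %[2]s%[3]s}
subjects:
  - {kind: User, name: %[7]q, apiGroup: rbac.authorization.k8s.io}
roleRef: {kind: %[1]s, name: %[2]s, apiGroup: rbac.authorization.k8s.io}
`
	return fmt.Sprintf(tmpl, kind, name, ns, d.APIGroup, d.Resource, d.Verb, d.User)
}

func main() {
	// Input: the kubectl error quoted in the question.
	msg := `namespaces is forbidden: User "225396037912844073" cannot list resource "namespaces" in API group "" at the cluster scope`
	if d, ok := ParseDenial(msg); ok {
		fmt.Print(MinimalRBAC(d, "list-namespaces"))
	}
}
```

The printed manifest has to be applied by an identity that already holds these permissions, such as the user who created the cluster.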
