Updated on 2025-11-17 GMT+08:00

What Can I Do If "Error from server (Forbidden)" Is Displayed When I Run the kubectl Command?

Symptom

When you use the cluster federation and run the kubectl command, the following information is displayed:

Possible Cause

The ClusterRole or ClusterRoleBinding resource object has been deleted. If this happens in one or more member clusters of a federation, the kubectl request is interrupted and the error is returned.

Solution

Recreate the deleted ClusterRole or ClusterRoleBinding.

The following is an example YAML file of ClusterRole. Replace {clusterName} with the name of the member cluster.

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: karmada-controller-manager:karmada-{clusterName}
rules:
- apiGroups:
  - '*'
  resources:
  - '*'
  verbs:
  - '*'
- nonResourceURLs:
  - '*'
  verbs:
  - get

The following is an example YAML file of ClusterRoleBinding. Replace {clusterName} with the name of the member cluster and {karmada-manage-namespace} with the name of the namespace managed by Karmada. You can run the kubectl get ns|grep karmada command to obtain the namespace name.

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: karmada-controller-manager:karmada-{clusterName}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: karmada-controller-manager:karmada-{clusterName}
subjects:
- kind: ServiceAccount
  name: karmada-{clusterName}
  namespace: {karmada-manage-namespace}
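
The following script is an added example, not part of the original documentation or of Karmada. It fills the two placeholders into the manifests above, rejects values that are not plain lowercase names before they reach the YAML, and re-applies both objects. The function names and the DNS-1123 label check are assumptions made for this example.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of UCS or Karmada.
LC_ALL=C; export LC_ALL   # make a-z in the pattern below mean ASCII only

# Assumption: cluster and namespace names are lowercase DNS-1123 labels.
# Rejecting anything else keeps spaces, colons and newlines out of the YAML.
valid_name() {
  case "$1" in
    ''|-*|*-|*[!a-z0-9-]*) return 1 ;;
  esac
  [ "${#1}" -le 63 ]
}

# Print both manifests from this page with the placeholders filled in.
render_rbac() {
  valid_name "$1" && valid_name "$2" || { echo "invalid name" >&2; return 1; }
  name="karmada-controller-manager:karmada-$1"
  cat <<EOF
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: $name
rules:
- apiGroups: ['*']
  resources: ['*']
  verbs: ['*']
- nonResourceURLs: ['*']
  verbs: [get]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: $name
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: $name
subjects:
- kind: ServiceAccount
  name: karmada-$1
  namespace: $2
EOF
}

# Run with kubectl pointed at the affected member cluster. apply creates the
# missing object and leaves an identical one unchanged; can-i (needs
# impersonation rights) then confirms the service account is authorized again.
restore_rbac() {
  manifest=$(render_rbac "$1" "$2") || return 1
  printf '%s\n' "$manifest" | kubectl apply -f - || return 1
  kubectl auth can-i get pods --as="system:serviceaccount:$2:karmada-$1"
}
```

Call it as restore_rbac followed by the member cluster name and the Karmada-managed namespace, for example the namespace returned by kubectl get ns | grep karmada.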