What Can I Do If "Error from server (Forbidden)" Is Displayed When I Run the kubectl Command?
Symptom
When you use the cluster federation and run the kubectl command, the following information is displayed.
Possible Cause
The resource object ClusterRole or ClusterRoleBinding is deleted. If this occurs in one or more member clusters in a federation, the kubectl command request is interrupted and the error is returned.
Solution
Recreate the resource objects ClusterRole and ClusterRoleBinding.
The following is an example YAML file of ClusterRole. Replace {clusterName} with the name of the member cluster.
apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: karmada-controller-manager:karmada-{clusterName} rules: - apiGroups: - '*' resources: - '*' verbs: - '*' - nonResourceURLs: - '*' verbs: - get
The following is an example YAML file of ClusterRoleBinding. Replace {clusterName} with the name of the member cluster and {karmada-manage-namespace} with the name of the namespace managed by Karmada. You can run the kubectl get ns|grep karmada command to obtain the namespace name.
apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: karmada-controller-manager:karmada-{clusterName} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: karmada-controller-manager:karmada-{clusterName} subjects: - kind: ServiceAccount name: karmada-{clusterName} namespace: {karmada-manage-namespace}
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot