Updated on 2024-09-11 GMT+08:00

What Can I Do If "Error from server (Forbidden)" Is Displayed When I Run the kubectl Command?

Symptom

When you use the cluster federation and run the kubectl command, the following information is displayed.

Possible Cause

The ClusterRole or ClusterRoleBinding resource object has been deleted. If this happens in one or more member clusters of a federation, the kubectl request is interrupted and the error is returned.

Solution

Recreate the resource objects ClusterRole and ClusterRoleBinding.

The following is an example YAML file of ClusterRole. Replace {clusterName} with the name of the member cluster.

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: karmada-controller-manager:karmada-{clusterName}
rules:
- apiGroups:
  - '*'
  resources:
  - '*'
  verbs:
  - '*'
- nonResourceURLs:
  - '*'
  verbs:
  - get

The following is an example YAML file of ClusterRoleBinding. Replace {clusterName} with the name of the member cluster and {karmada-manage-namespace} with the name of the namespace managed by Karmada. You can run the kubectl get ns|grep karmada command to obtain the namespace name.

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: karmada-controller-manager:karmada-{clusterName}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: karmada-controller-manager:karmada-{clusterName}
subjects:
- kind: ServiceAccount
  name: karmada-{clusterName}
  namespace: {karmada-manage-namespace}