My private AKS Cluster is accessible only to the root user using kubectl on a jumphost. But for a non-root user it throws below error message:
someuser@jump-vm$ kubectl get pods -A
Error from server (Forbidden): pods is forbidden: User "XX-XX-XX-XX-XX" cannot list resource "XX" in API group " " at the cluster scope
How to resolve this error?
in this case solution was to delete the old config from $HOME/.kube/ and re-initialize it after az login with the user in question
It seems the Azure VM from the private AKS cluster was being accessed was set to automatic restart which caused some issue with kubectl or kubelogin.
I followed below steps for both -- root as well as non-root user and after kubectl worked successfully.
root@jump-vm# cd ~ && cd .kube/
root@jump-vm# rm -r cache && rm config
root@jump-vm# az login --tenant <tenant-id>
root@jump-vm# az account set --subscription <subscription-id>
root@jump-vm# az aks get-credentials --resource-group <resource-group-name> --name <aks-clutser-name>
root@jump-vm# kubelogin convert-kubeconfig -l azurecli
someuser@jump-vm$ cd ~ && cd .kube/
someuser@jump-vm$ rm -r cache && rm config
someuser@jump-vm$ az login --tenant <tenant-id>
someuser@jump-vm$ az account set --subscription <subscription-id>
someuser@jump-vm$ az aks get-credentials --resource-group <resource-group-name> --name <aks-clutser-name>
someuser@jump-vm$ kubelogin convert-kubeconfig -l azurecli
© 2022 - 2024 — McMap. All rights reserved.
kubeloginto/usr/bin. Did not made anykubeconfig. – Hoardingaz loginandkubelogin convertsteps for the user – Binauralconfigandcachefrom the$HOME/.kube/*and later re-initialized the config afteraz login. And it worked. – Hoarding