0
votes

I had a friend grant me access to his kube cluster (hosted on IBM Cloud).

I can log in via the IBM Cloud console.

Access to Worker node

However, when I try to access them via kubectl: kubectl get nodes

results in an error message:

Error from server (Forbidden): nodes is forbidden: User "https://iam.ng.bluemix.net/kubernetes#" cannot list nodes at the cluster scope.

Why would the access (RBACs) be different between the console and the CLI?

3
How did you get the config for kubectl? One possible reason could be that the current user in the CLI mode doesn't have cluster-role-binding permission context and cluster? - code
The config is obtained via the ibmcloud cs cluster-config devworks-cluster command. - Manglu
What IAM role do you have in your friend's cluster? - bhpratt

3 Answers

1
votes

I am the dev lead for the IBM Kubernetes Service. You need to generate the RBAC on the cluster first. You can do this 2 ways.

  1. Go to the access tab in the UI and click download cluster config.
  2. Or use the cli and run ibmcloud ks cluster-config xxxx where xxxx is the id of the cluster.

0
votes

If the user name in User "https://iam.ng.bluemix.net/kubernetes#" has any capitalization, I'd suggest opening a ticket w/IBM. There are some cases where internal users have capital letters in their user name, which causes authentication issues.

In the meantime, you should still be able to use the CLI.

0
votes

As mentioned by code, you may not have enough privileges configured for your user in RBAC. Perhaps, you have a typo in the cluster-role-binding configuration for that user.

In this case, you have passed the authentication phase, but you have been blocked on the authorization phase trying to execute the “get” command.
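
The authorization denial described in the last answer can be read straight out of the error text. The following is an added example, not code from any of the posters or from IBM: it parses a kubectl Forbidden message into the denied user, verb, resource and scope, then builds the narrowest role and binding that would allow that one request, for a cluster admin to review. The user suffix after `#` and the object name `denied-access-example` are constructed placeholders, and the newer message wording it also accepts goes beyond the single case in the question.

```python
import re

RBAC = "rbac.authorization.k8s.io"
FORBIDDEN = re.compile(
    r'User "(?P<user>[^"]*)" cannot (?P<verb>\w+) '
    r'(?:resource "(?P<res_new>[^"]+)" in API group "(?P<group>[^"]*)"|(?P<res_old>\S+)) '
    r'(?:at the cluster scope|in the namespace "(?P<ns>[^"]+)")'
)

def parse_forbidden(message):
    """Return the attributes the authorizer denied (older or newer wording), or None."""
    m = FORBIDDEN.search(message)
    if m is None:
        return None
    return {
        "user": m["user"],
        "verb": m["verb"],
        "resource": m["res_new"] or m["res_old"],
        "api_group": m["group"] or "",   # "" is the core API group
        "namespace": m["ns"],            # None means cluster scope
    }

def least_privilege_manifests(denied, name="denied-access-example"):
    """Build a (Cluster)Role and binding granting only the denied verb."""
    cluster = denied["namespace"] is None
    meta = {"name": name} if cluster else {"name": name, "namespace": denied["namespace"]}
    role = {
        "apiVersion": RBAC + "/v1",
        "kind": "ClusterRole" if cluster else "Role",
        "metadata": meta,
        "rules": [{"apiGroups": [denied["api_group"]],
                   "resources": [denied["resource"]], "verbs": [denied["verb"]]}],
    }
    binding = {
        "apiVersion": RBAC + "/v1",
        "kind": "ClusterRoleBinding" if cluster else "RoleBinding",
        "metadata": meta,
        "subjects": [{"kind": "User", "name": denied["user"], "apiGroup": RBAC}],
        "roleRef": {"kind": role["kind"], "name": name, "apiGroup": RBAC},
    }
    return [role, binding]

# Constructed sample: the question's error with a placeholder user after '#'.
SAMPLE = ('Error from server (Forbidden): nodes is forbidden: User '
          '"https://iam.ng.bluemix.net/kubernetes#user@example.com" '
          'cannot list nodes at the cluster scope.')

if __name__ == "__main__":
    print(least_privilege_manifests(parse_forbidden(SAMPLE)))
```

The subject name in a binding must match the user string in the error exactly, including case, since RBAC compares user names as plain strings.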