Error from server (Forbidden): Forbidden (user=system:anonymous, verb=get,

Question

[xueke@master-01 admin]$ kubectl logs nginx-deployment-76bf4969df-999x8 Error from server (Forbidden): Forbidden (user=system:anonymous, verb=get, resource=nodes, subresource=proxy) ( pods/log nginx-deployment-76bf4969df-999x8)

[xueke@master-01 admin]$ kubectl config view
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: DATA+OMITTED
    server: https://192.168.0.101:6443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: admin
  name: kubernetes
current-context: kubernetes
kind: Config
preferences: {}
users:
- name: admin
  user:
    client-certificate-data: REDACTED
    client-key-data: REDACTED

I specified the admin user here How do I need to modify it?

Prafull Ladha Prafull Ladha · Accepted Answer · 2019-01-08T07:33:53

The above error means your apiserver doesn't have the credentials (kubelet cert and key) to authenticate the kubelet's log/exec commands and hence the Forbidden error message.

You need to provide --kubelet-client-certificate=<path_to_cert> and --kubelet-client-key=<path_to_key> to your apiserver, this way apiserver authenticate the kubelet with the certficate and key pair.

For more information, have a look at:

https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet-authentication-authorization/#overview

Error from server (Forbidden): Forbidden (user=system:anonymous, verb=get,

2 Answers