Access to Kubernetes in IBM Cloud

6/6/2018

I had a friend grant me access to his kube cluster (hosted on IBM Cloud).

I can login via the IBM Cloud console

Access to Worker node

However when I try to access them via the kubectl: kubectl get nodes

results in an error message:

Error from server (Forbidden): nodes is forbidden: User "https://iam.ng.bluemix.net/kubernetes#" cannot list nodes at the cluster scope.

Why would the access (RBACs) be different between the console and the CLI?

-- Manglu
ibm-cloud
ibm-iam
kubectl
kubernetes
kubernetes-dashboard

3 Answers

6/6/2018

As mentioned by code, you may not have enough privileges configured for your user in RBAC. Perhaps, you have a typo in the cluster-role-binding configuration for that user.

In this case, you have passed the authentication phase, but you have been blocked on the authorization phase trying to execute the “get” command.

-- VAS
Source: StackOverflow

6/6/2018

If the user name in User "https://iam.ng.bluemix.net/kubernetes#" has any capitalization, I'd suggest opening a ticket w/IBM. There are some cases where internal users have capital letters in their user name, which causes authentication issues.

In the meantime, you should still be able to use the CLI.

-- bhpratt
Source: StackOverflow

8/14/2019

I am the dev lead for the IBM Kubernetes Service. You need to generate the RBAC on the cluster first. You can do this 2 ways.

  1. Goto the access tab in the UI and click download cluster config.
  2. Or use the cli and run ibmcloud ks cluster-config xxxx where xxxx is the id of the cluster.
-- Jeff Sloyer
Source: StackOverflow