I had a friend grant me access to his kube cluster (hosted on IBM Cloud).
I can login via the IBM Cloud console
However when I try to access them via the kubectl: kubectl get nodes
results in an error message:
Error from server (Forbidden): nodes is forbidden: User "https://iam.ng.bluemix.net/kubernetes#" cannot list nodes at the cluster scope.
Why would the access (RBACs) be different between the console and the CLI?
As mentioned by code, you may not have enough privileges configured for your user in RBAC. Perhaps, you have a typo in the cluster-role-binding configuration for that user.
In this case, you have passed the authentication phase, but you have been blocked on the authorization phase trying to execute the “get” command.
If the user name in User "https://iam.ng.bluemix.net/kubernetes#"
has any capitalization, I'd suggest opening a ticket w/IBM. There are some cases where internal users have capital letters in their user name, which causes authentication issues.
In the meantime, you should still be able to use the CLI.
I am the dev lead for the IBM Kubernetes Service. You need to generate the RBAC on the cluster first. You can do this 2 ways.
ibmcloud ks cluster-config xxxx
where xxxx is the id of the cluster.