I am working on a plugin which uses kubernetes java client to do operations in kubernetes. I am using kubernetes client v4.1.2 and kubernetes v1.13. In my plugin I am giving the user option to login into kubernetes cluster using Basic Auth or Api token. Through API token I am able to login but unable to do so using Basic Authentication. I tried creating a user with username and password but When I try to login using those credentials, I get error message which says "namespaces is forbidden: User "system:anonymous" cannot list resource "namespaces" in API group "" at the cluster scope".
Can anybody help me in creating an user (Basic Auth) with appropriate permission to list the namespaces in kubernetes?
Thanks in advance
You should bind service account system:serviceaccount:default:default (which is the default account bound to Pod) with role cluster-admin, just create a yaml (named like fabric8-rbac.yaml) with following contents:
I solve it by create
# NOTE: The service account `default:default` already exists in k8s cluster.
# You can create a new account following like this:
#---
#apiVersion: v1
#kind: ServiceAccount
#metadata:
# name: <new-account-name>
# namespace: <namespace>
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: fabric8-rbac
subjects:
- kind: ServiceAccount
# Reference to upper's `metadata.name`
name: default
# Reference to upper's `metadata.namespace`
namespace: default
roleRef:
kind: ClusterRole
name: cluster-admin
apiGroup: rbac.authorization.k8s.io
kubectl apply -f fabric8-rbac.yaml