K
Q

Kubernetes - Error from server (Forbidden): ... is forbidden:

4/3/2019

I'm trying to follow this istio tutorial, while I use google cloud. After I ran the istio.yaml, I got the following error:

Error from server (Forbidden): error when creating "istio.yaml": clusterroles.rbac.authorization.k8s.io "istio-sidecar-injector-default" is forbidden: attempt to grant extra privileges

After looking online, I saw a solution on github community:

For the benefit of others who might run into this issue, I worked around the problem by running:

$ gcloud config set container/use_client_certificate True
$ export CLOUDSDK_CONTAINER_USE_CLIENT_CERTIFICATE=True

Before running $ gcloud container clusters get-credentials ...

After I tried this solution, I got forbidden error for almost every command, i.e.:

$ kubectl get pods
Error from server (Forbidden): pods is forbidden: User "client" cannot list pods in the namespace "default"
$ kubectl get namespaces
Error from server (Forbidden): namespaces is forbidden: User "client" cannot list namespaces at the cluster scope

I tried use the solution on this stack overflow question, so I ran:

$gcloud config unset container/use_client_certificate
$gcloud container clusters get-credentials my-cluster

But I still got the forbidden error. Any idea?

-- Yagel
gcloud
google-kubernetes-engine
kubernetes

Similar Questions

helm patch default service account
Kubernetes job does not recognize environment
Installing kube-state-metrics into an existing cluster on GCE
POST larger than 400 Kilobytes payload to a container in Kubernetes fails
Knative - kubernetes yaml to mount data from google cloud storage

0 Answers