Why is ClusterRole allowed to list_pod_for_all_namespaces() but not read_namespaced_pod_status

4/4/2019

I'm using Python and want to be able to check the status of a pod with:

kubernetes.client.CoreV1Api().read_namespaced_pod_status(name=name, namespace='default')

but this gives me a forbidden, 403 response, while:

kubernetes.client.CoreV1Api().list_pod_for_all_namespaces()

works fine. The rights I have set up in a ClusterRole look like this:

rules:
- apiGroups: ["", "extensions"]
  resources: ["pods", "services", "ingresses"]
  verbs: ["get", "watch", "list", "create", "delete"]

So what do I need to modify to make it work?

-- HackerBaloo
kubernetes
python

1 Answer

4/4/2019

Pod's status is a sub-resource of the ["pod"] resource, so you have to define it for your ClusterRole as follows:

rules:
- apiGroups: ["", "extensions"]
  resources: ["pods", "pods/status", "services", "ingresses"]
  verbs: ["get", "watch", "list", "create", "delete"]
-- A_Suh
Source: StackOverflow
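
Added example, not part of the original answer and not Kubernetes' own code: a simplified Python model of RBAC rule matching that shows why the question's rule permits the list call but denies the status read. The function names and request tuples are assumptions made for this illustration; resourceNames and non-resource URLs are not modelled.

```python
# Simplified model of how RBAC matches a request against a ClusterRole's rules.
# Constructed for illustration; names here are hypothetical, not a real API.

def resource_matches(rule_resources, resource, subresource=""):
    """A subresource is requested as 'resource/subresource' and needs its own entry."""
    combined = f"{resource}/{subresource}" if subresource else resource
    for entry in rule_resources:
        if entry == "*" or entry == combined:
            return True
        # An entry such as '*/status' covers that subresource on any resource.
        if subresource and entry == f"*/{subresource}":
            return True
    return False

def allowed(rules, verb, api_group, resource, subresource=""):
    for rule in rules:
        if "*" not in rule["verbs"] and verb not in rule["verbs"]:
            continue
        if "*" not in rule["apiGroups"] and api_group not in rule["apiGroups"]:
            continue
        if resource_matches(rule["resources"], resource, subresource):
            return True
    return False  # no rule matched: deny by default, which the client sees as 403

VERBS = ["get", "watch", "list", "create", "delete"]
GROUPS = ["", "extensions"]
QUESTION_RULES = [{"apiGroups": GROUPS, "verbs": VERBS,
                   "resources": ["pods", "services", "ingresses"]}]
ANSWER_RULES = [{"apiGroups": GROUPS, "verbs": VERBS,
                 "resources": ["pods", "pods/status", "services", "ingresses"]}]

# The two client calls from the question as (verb, apiGroup, resource, subresource).
# Pods live in the core API group, written as "".
LIST_PODS = ("list", "", "pods", "")         # list_pod_for_all_namespaces()
READ_STATUS = ("get", "", "pods", "status")  # read_namespaced_pod_status()

def check(rules):
    return {"list_pods": allowed(rules, *LIST_PODS),
            "read_status": allowed(rules, *READ_STATUS)}

if __name__ == "__main__":
    print("question rule:", check(QUESTION_RULES))
    print("answer rule:  ", check(ANSWER_RULES))
```

Against a live cluster, `kubectl auth can-i get pods/status` answers the same question for the current credentials.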