I use rancher to manager the k8s cluster to allow only access some specific project/namespace, it works good except it gots annoying error messages
$ kubectl get all NAME READY STATUS RESTARTS AGE pod/nginx-64cf74bdcb-vmssn 1/1 Running 0 14m
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE service/nginx NodePort 10.100.132.26 80:32318/TCP 14m
NAME READY UP-TO-DATE AVAILABLE AGE deployment.apps/nginx 1/1 1 1 14m
NAME DESIRED CURRENT READY AGE replicaset.apps/nginx-contiki-64cf74bdcb 1 1 1 14m Error from server (Forbidden): users.jenkins.io is forbidden: User "u-4foykbynfi" cannot list resource "users" in API group "jenkins.io" in the namespace "sandbox" Error from server (Forbidden): facts.jenkins.io is forbidden: User "u-4foykbynfi" cannot list resource "facts" in API group "jenkins.io" in the namespace "sandbox" ...
This user just wants to check the all resource on its own namespace, though it doesn't have permission to other API group, but can we just skip this check?
How can I configure in rancher or k8s to not show this error msg (or exit code)
env
Actually, when you invoke kubectl get all command, k8s looks through resources catalog bounded to all category. You can add this category for each custom object CRD, supplying particular CustomResourceDefinition resource definition as described here.
However, you can't change the kubectl get command approach, you may apply only certain filters or customize printed output.
If your aim only with getting output of kubectl get all to stdout avoiding error records, you can probably redirect stderr to /dev/null :
$ kubectl get all 2>/dev/nullOr even fetch exit code for the previous command via echo $?.
You can also add --as flag to kubectl get command in order to impersonate resource owner:
$ kubectl get all --as=<username>