pods is forbidden: User "system:serviceaccount:kubernetes-dashboard:admin-user" cannot list resource "pods" in API group "" in the namespace "default"

1/5/2020

I am trying to setup Kubernetes on Ubuntu 18.04 by following this article.

Everything works fine but when I am trying to access local Kubernetes dashboard then it shows empty and nothing is visible like pods,services & deployments.

However when I am running

gt; kubectl get pods,svc,deployments then it shows following output.If command line is showing all the details why I am seeing empty Kubernetes dashboard?

I already ran following commands

gt; kubectl apply -f https:
//raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta8/aio/deploy/recommended.yaml
gt; kubectl proxy

Am I missing any configuration here? Any suggestions to fix this issue?

gt;
kubectl get pods --all-namespaces NAMESPACE NAME READY STATUS RESTARTS AGE kubernetes-dashboard dashboard-metrics-scraper-76585494d8-4rrdp 1/1 Running 3 46h kubernetes-dashboard kubernetes-dashboard-5996555fd8-sxgxf 1/1 Running 16 46h

After looking at the notification section, found these errors

  1. events is forbidden: User "system:serviceaccount:kubernetes-dashboard:admin-user" cannot list resource "events" in API group "" in the namespace "default"

  2. pods is forbidden: User "system:serviceaccount:kubernetes-dashboard:admin-user" cannot list resource "pods" in API group "" in the namespace "default"


Update 1:

its working now after applying RBAC kubectl apply -f filename.yml

apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kube-system
-- CodeRunner
docker
kubernetes
ubuntu
ubuntu-18.04

1 Answer

1/6/2020

You probably need to bind the dashboard service account to the cluster admin role:

kubectl create clusterrolebinding dashboard-admin-sa --clusterrole=cluster-admin --serviceaccount=default:dashboard-admin-sa

Otherwise, the dashboard services account doesn't have access to the data that would populate the dashboard.

-- Nice-Guy
Source: StackOverflow