K
Q

kubernetes authentication issue on httpd pod

3/11/2021

keep getting this when trying to go to the web of a httpd pod, what permissions am i missing.

{
  "kind": "Status",
  "apiVersion": "v1",
  "metadata": {
    
  },
  "status": "Failure",
  "message": "pods \"pod-httpd\" is forbidden: User \"system:anonymous\" cannot get resource \"pods\" in API group \"\" in the namespace \"default\"",
  "reason": "Forbidden",
  "details": {
    "name": "pod-httpd",
    "kind": "pods"
  },
  "code": 403
}
-- WillBrobin
kubernetes

Similar Questions

when is kubectl proxy necessary?
Is it possible to run kubeadm init command to ignore generating certificates?
kubernetes cron job which should run every 10mins and should delete the pods which are in "Terminating" state in all the namespaces in the cluster?
How to get bearer tokens in microk8s?
How to change interval time in Grafana to monitor Kubernetes?

1 Answer

3/11/2021

The error is clear User "system:anonymous" means k8s recognising you as anonymous user and that is why it is giving forbidden reason for accessing the desired resources.
So, when you do curl https://<ip>:<port>/<endpoint> you are using TLS for the communication. In this type of communication you need to provide your CA (certificate authority, who signed your certificate) certificate, and your certificate and key to the curl like below, because in TLS server-client need to be verified. 

curl https://<ip>:<port>/<endpoint> --key <your_key> --cert <your_cert>  --cacert <ca_cert>

N.B: here you means the client

-- Sahadat Hossain
Source: StackOverflow