My private AKS Cluster is accessible only to the root user using kubectl on a jumphost. But for a non-root user it throws below error message:
someuser@jump-vm$ kubectl get pods -A
Error from server (Forbidden): pods is forbidden: User "XX-XX-XX-XX-XX" cannot list resource "XX" in API group " " at the cluster scope
How to resolve this error?
On
It seems the Azure VM from the private AKS cluster was being accessed was set to automatic restart which caused some issue with kubectl or kubelogin.
I followed below steps for both -- root as well as non-root user and after kubectl worked successfully.
root@jump-vm# cd ~ && cd .kube/
root@jump-vm# rm -r cache && rm config
root@jump-vm# az login --tenant <tenant-id>
root@jump-vm# az account set --subscription <subscription-id>
root@jump-vm# az aks get-credentials --resource-group <resource-group-name> --name <aks-clutser-name>
root@jump-vm# kubelogin convert-kubeconfig -l azurecli
someuser@jump-vm$ cd ~ && cd .kube/
someuser@jump-vm$ rm -r cache && rm config
someuser@jump-vm$ az login --tenant <tenant-id>
someuser@jump-vm$ az account set --subscription <subscription-id>
someuser@jump-vm$ az aks get-credentials --resource-group <resource-group-name> --name <aks-clutser-name>
someuser@jump-vm$ kubelogin convert-kubeconfig -l azurecli
in this case solution was to delete the old config from
$HOME/.kube/and re-initialize it afteraz loginwith the user in question