Sunday, November 29, 2020

Code error 403 when trying to access Kubernetes cluster | Jenkins Kubernetes Deployment

When ever you are doing deployment from Jenkins to EKS cluster, you may get this error: 

Api call failed with code 403, detailed message: {
  "kind": "Status",
  "apiVersion": "v1",
  "metadata": {
    
  },

"status": "Failure",
  "message": "namespaces is forbidden: User \"system:anonymous\" cannot list namespaces at the cluster scope",
  "reason": "Forbidden",
  "details": {
    "kind": "namespaces"
  },
  "code": 403 
Work around or the fix: 

You get this error because you're getting blocked by RBAC policies. Basically, RBAC policies set to restrict the resources you use and limits a few of your action. 

There are two possibilities, either you haven't created an RBAC or it's somehow restricting the cluster access.

By default, your clusterrolebinding has system:anonymous set which blocks the cluster access.

Execute the following command, it will set a clusterrole as cluster-admin which will give you the required access.

kubectl create clusterrolebinding cluster-system-anonymous --clusterrole=cluster-admin --user=system:anonymous

 
-
Labels: , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Coach AK Master DevSecOps BootCamp FAQs | Master AWS and Azure Cloud computing Program by Coach AK

(More New Topics..New CICD tool included - GitHub Action, Trivy, Checkov Security scanner! ) 1. How many weeks is this DevSecOps Coaching pr...