'kubernetes kubectl exec forbidden
I did a basic kubernetes installation, and added hello-world pod. When I try to kubectl exec, I get below error.
kubectl logs hello-world-pod1
Error from server (Forbidden): pods "hello-world-pod1" is forbidden: User "system:node:kubnode1" cannot get resource "pods/log" in API group "" in the namespace "default"
kubectl exec -it hello-world-pod1 -- /bin/sh
Error from server (Forbidden): pods "hello-world-pod1" is forbidden: User "system:node:kw1" cannot create resource "pods/exec" in API group "" in the namespace "default"
There is not any special installation, just basic instructions, and could not access shell of a basic pod, i researched internet but could not find any solution or source of error.
Solution 1:[1]
This is an access issue and it has nothing to do with the pod itself, you need to use the credentials which has access.
You can use kubectl auth can-i command to check if you have access.
You will get error if pod does not have the shell that you try to exec into but it is not "User "system:node:kw1" cannot create" error.
Solution 2:[2]
Due to following error that appears in your case:
Error from server: error dialing backend: dial tcp 10.0.2.46:10250: connect: no route to host
I would suggest disabling the firewall on all nodes. To fix the problem for not disabled worker nodes firewall run:
systemctl disable firewalld && systemctl stop firewalld
-Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1...
-Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service.```
See also references:
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | ffran09 |
| Solution 2 | kkopczak |