Question 84791 in Docker Question posted in
The official documentation can be found here.

kubernetes kubectl exec forbidden – Docker

I did a basic kubernetes installation, and added hello-world pod. When I try to kubectl exec, I get below error.

kubectl logs hello-world-pod1

Error from server (Forbidden): pods "hello-world-pod1" is forbidden: User "system:node:kubnode1" cannot get resource "pods/log" in API group "" in the namespace "default"

kubectl exec -it hello-world-pod1 -- /bin/sh

Error from server (Forbidden): pods "hello-world-pod1" is forbidden: User "system:node:kw1" cannot create resource "pods/exec" in API group "" in the namespace "default"

There is not any special installation, just basic instructions, and could not access shell of a basic pod, i researched internet but could not find any solution or source of error.

Tags:

2

Answers


  1. 0

    This is an access issue and it has nothing to do with the pod itself, you need to use the credentials which has access.
    You can use kubectl auth can-i command to check if you have access.

    You will get error if pod does not have the shell that you try to exec into but it is not "User "system:node:kw1" cannot create" error.

    Login or Signup to reply.
  2. 0

    Due to following error that appears in your case:

    Error from server: error dialing backend: dial tcp 10.0.2.46:10250: connect: no route to host

    I would suggest disabling the firewall on all nodes.
    To fix the problem for not disabled worker nodes firewall run:

    systemctl disable firewalld && systemctl stop firewalld
-Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1...
-Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service.```

    See also references:

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search