Forbidden error while retrieving details of cluster using with REST kubernetes API

Question

Trying to retrieve details of the kubernetes cluster like namespaces and pod details using kubernetes API following doc

API:

<publicServiceEndpointURL>/api/v1/namespaces
Headers:
Authorization: bearer <id_token>

<id_token> - An IAM token generated.

will get an certificate error on postman with SSL certificate enabled else throwing 403 Forbidden error

Error: unable to verify the first certificate

Result with disabling SSL certificate verification.

{
    "kind": "Status",
    "apiVersion": "v1",
    "metadata": {},
    "status": "Failure",
    "message": "namespaces is forbidden: User \"system:anonymous\" cannot list resource \"namespaces\" in API group \"\" at the cluster scope",
    "reason": "Forbidden",
    "details": {
        "kind": "namespaces"
    },
    "code": 403
}

Tried with curl and will result in same error

curl -k <publicServiceEndpointURL>/api/v1/namespaces -H "Authorization: Bearer <token>"

Error on chrome with API call

net::ERR_CERT_AUTHORITY_INVALID

How will i able to access this API?

Art Berger · Answer 1 · 2020-06-18T12:01:42.953

0

Do you have the right permissions to list namespaces in the cluster? If you log in as the same user via the CLI, for example, can you run kubectl get namespaces? It looks like a permissions error. The user would need IBM Cloud IAM Reader service role (which gives you RBAC view role) for all namespaces in the cluster.

edited Jun 18 '20 at 12:01

answered Jun 18 '20 at 11:45

Art Berger

37
4

Forbidden error while retrieving details of cluster using with REST kubernetes API

1 Answers1