Service account failed to get pods although it has permissions "Error from server (Forbidden): ..."
The Role.yaml also needed to have list:
kind: Role
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  namespace: default
  name: my-role
rules:
- apiGroups: ["", "extensions", "apps"]
  resources: ["pods"]
  verbs: ["get", "list"]
get is a permission to get an individual item, and list is a permission to get all items.
Now it works when I run:
kubectl get pods --context=myservice3-context
OR
curl -k -v -H "Authorization: Bearer <JWT_token>" https://127.0.0.1:6443/api/v1/namespaces/default/pods
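The get/list distinction above, as an added example that is not part of the original answer: a simplified Python model (not Kubernetes source code) of how a read request maps to an RBAC verb and is checked against the Role's rule. It assumes the Role is already bound to the service account, ignores resourceNames and subresources, and uses a constructed pod name `example-pod`.

```python
# Added example: simplified model of RBAC verb mapping for read requests.
# Assumptions: Role already bound to the caller; resourceNames/subresources not modelled.

# The rule before and after the fix described above.
RULE_GET_ONLY = {"apiGroups": ["", "extensions", "apps"], "resources": ["pods"], "verbs": ["get"]}
RULE_GET_LIST = {"apiGroups": ["", "extensions", "apps"], "resources": ["pods"], "verbs": ["get", "list"]}


def request_attributes(method, path):
    """Derive (verb, apiGroup, namespace, resource, name) from a namespaced read request."""
    if method != "GET":
        raise ValueError("only read requests are modelled")
    parts = path.strip("/").split("/")
    if parts[0] == "api":        # core group: /api/v1/...
        group, rest = "", parts[2:]
    elif parts[0] == "apis":     # named group: /apis/<group>/<version>/...
        group, rest = parts[1], parts[3:]
    else:
        raise ValueError("not a resource path: " + path)
    if len(rest) not in (3, 4) or rest[0] != "namespaces":
        raise ValueError("only namespaced resources without subresources are modelled")
    namespace, resource = rest[1], rest[2]
    name = rest[3] if len(rest) == 4 else None
    # GET on a collection is the "list" verb; GET on a named object is "get".
    verb = "get" if name else "list"
    return verb, group, namespace, resource, name


def role_allows(rules, role_namespace, method, path):
    """True if any rule of a Role in role_namespace permits the request."""
    verb, group, namespace, resource, _ = request_attributes(method, path)
    if namespace != role_namespace:  # a Role grants nothing outside its namespace
        return False
    return any(
        (group in r["apiGroups"] or "*" in r["apiGroups"])
        and (resource in r["resources"] or "*" in r["resources"])
        and (verb in r["verbs"] or "*" in r["verbs"])
        for r in rules
    )


COLLECTION = "/api/v1/namespaces/default/pods"            # path used by the curl call above
SINGLE = "/api/v1/namespaces/default/pods/example-pod"    # constructed pod name

if __name__ == "__main__":
    for label, rule in (("get only", RULE_GET_ONLY), ("get + list", RULE_GET_LIST)):
        print(label, "| collection:", role_allows([rule], "default", "GET", COLLECTION),
              "| single pod:", role_allows([rule], "default", "GET", SINGLE))
```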