Forbidden errors when using kubectl run or get namespaces with minishift

Question

Forbidden errors when using kubectl run or get namespaces with minishift

Closed this issue 5 years ago · 3 comments

I've been following the installation doc using minishift and have hit "Forbidden" errors:

┌[alonzo] ~/ 
└> minishift version
minishift v1.31.0+cfc599c

┌[alonzo] ~/ 
└> minishift addons list
- admin-user			 : enabled	P(0)
- anyuid			 : enabled	P(0)
- admissions-webhook		 : disabled	P(0)
- che				 : disabled	P(0)
- htpasswd-identity-provider	 : disabled	P(0)
- redhat-registry-login		 : disabled	P(0)
- registry-route		 : disabled	P(0)
- xpaas				 : disabled	P(0)

┌[alonzo] ~/ 
└> oc login $(minishift ip):8443 -u admin -p admin
Login successful.

You don't have any projects. You can try to create a new project, by running

    oc new-project <projectname>

┌[alonzo] ~/ 
└> kubectl config set-context $(kubectl config current-context) --namespace=default
Context "/192-168-99-100:8443/admin" modified.

┌[alonzo] ~/ 
└> kubectl config current-context
/192-168-99-100:8443/admin

┌[alonzo] ~/ 
└> kubectl get namespaces
Error from server (Forbidden): namespaces is forbidden: User "admin" cannot list namespaces at the cluster scope: no RBAC policy matched

┌[alonzo] ~/ 
└> kubectl run hello-minikube --image=k8s.gcr.io/echoserver:1.10 --port=8080
kubectl run --generator=deployment/apps.v1 is DEPRECATED and will be removed in a future version. Use kubectl run --generator=run-pod/v1 or kubectl create instead.
Error from server (Forbidden): deployments.apps is forbidden: User "admin" cannot create deployments.apps in the namespace "default": no RBAC policy matched

Answer 1 · 2019-03-12T13:40:53.000Z

It could be that you are mixing minikube and minishift. Make sure the MINIKUBE_HOME and MINISHIFT_HOME env vars are unique in your shell. Also, you might need to clean out your $/.kube directory as it can contain 'cross references' between the two worlds

Answer 2 · 2019-04-14T20:36:19.000Z

It is also possible that your "admin" user was not created correctly AND your "oc login -u admin -p admin" ran too quickly. By default, minishift and oc login will create users automatically, including one named "admin" which is not in fact THE admin.

Answer 3 · 2019-10-03T06:29:45.000Z

One last tip, make sure your KUBECONFIG is set and it is best to keep the world's separated by having at least 2 of these