Forbidden Kubernetes resources
Cannot list namespaces or nodes in the Kubernetes dashboard
Issue
Errors in the Kubernetes dashboard view:
OR
Generic error:
Possible causes
The service account you have connected in Codefresh does not have enough permissions for your cluster.
Codefresh accesses your Kubernetes cluster via the standard Kubernetes API. As such, to work with the cluster, Codefresh needs correct RBAC privileges.
Solution
To moinitor the cluster, the service account used by Codefresh should have at least view privileges, and to also deploy to the cluster, the service account requires additional privileges.
Check the following:
- What service account Codefresh uses
- What role is assigned to this service account
- What access rights are possible with that role
You can see the role access with the standard kubectl
commands:
kubectl get clusterrole codefresh-role -o yaml
Make sure that the privileges are at least those described in the integration page:
See The proper secure way and The proper/secure way for Kubernetes Cluster 1.24+.