Forbidden Kubernetes Resources
Cannot list namespaces or nodes in the Kubernetes dashboard
Codefresh is accessing your Kubernetes cluster via the standard Kubernetes API. As such, Codefresh needs correct RBAC privileges in order to work with the cluster. The service account used by Codefresh should have at least view privileges if you want to monitor your cluster and additional privileges if you also want to deploy.
Problem description
The issue occurs when you get errors in the Kubernetes dashboard view:
You might also get a more generic error:
This means that the service account you have connected in Codefresh does not have enough permission for your cluster.
The solution
You should check
- What service account Codefresh is using
- What role is assigned to this service account
- What access rights are possible with that role
You can see the role access with the standard kubectl
commands:
kubectl get clusterrole codefresh-role -o yaml
Make sure that the privileges are at least those described in the integration page.