Forbidden Kubernetes Resources

Cannot list namespaces or nodes in the Kubernetes dashboard

Codefresh is accessing your Kubernetes cluster via the standard Kubernetes API. As such, Codefresh needs correct RBAC privileges in order to work with the cluster. The service account used by Codefresh should have at least view privileges if you want to monitor your cluster and additional privileges if you also want to deploy.

Problem description

The issue occurs when you get errors in the Kubernetes dashboard view:

Kubernetes access error

Kubernetes access error

You might also get a more generic error:

Kubernetes unknown error

Kubernetes unknown error

This means that the service account you have connected in Codefresh does not have enough permission for your cluster.

The solution

You should check

  1. What service account Codefresh is using
  2. What role is assigned to this service account
  3. What access rights are possible with that role

You can see the role access with the standard kubectl commands:

kubectl get clusterrole codefresh-role -o yaml

Make sure that the privileges are at least those described in the integration page.