openyurtio
[Question]kubectl get resource error
What happened:
kubectl get ds -A
Error from server (Forbidden): daemonsets.apps is forbidden: User "system:node:ubuntu" cannot list resource "daemonsets" in API group "apps" at the cluster scope
What you expected to happen:
How to reproduce it (as minimally and precisely as possible):
Anything else we need to know?:
Environment:
-
OpenYurt version: 0.7
-
Kubernetes version (use
kubectl version):
kubectl version
Client Version: version.Info{Major:"1", Minor:"20", GitVersion:"v1.20.11", GitCommit:"27522a29febbcc4badac257763044d0d90c11abd", GitTreeState:"clean", BuildDate:"2021-09-15T19:21:44Z", GoVersion:"go1.15.15", Compiler:"gc", Platform:"linux/amd64"} Server Version: version.Info{Major:"1", Minor:"20", GitVersion:"v1.20.11", GitCommit:"27522a29febbcc4badac257763044d0d90c11abd", GitTreeState:"clean", BuildDate:"2021-09-15T19:16:25Z", GoVersion:"go1.15.15", Compiler:"gc", Platform:"linux/amd64"}
-
OS (e.g:
cat /etc/os-release): NAME="Ubuntu" VERSION="16.04 LTS (Xenial Xerus)" -
Kernel (e.g.
uname -a): 4.9.0-141-custom -
Install tools: OpenYurt Experience Center
-
Others:
others /kind question
@luojieio Thank you for raising issue. It looks like you run kubectl get ds -A command on the edge nodes, so system:node:ubuntu user was used unintentionally. because group system:nodes has no privilege to list DaemonSet resource, so you got error like the above message.
maybe you need to use the cluster kubeconfig to list DaemonSet.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
![stale[bot] avatar](https://avatars.githubusercontent.com/in/1724?v=4 "Published by a pub.dev verified publisher"){kind=small}