kubernetes pods/nodes is forbidden

Question

hi i am using on prem kubernetes and i am getting the following errors

==> /var/log/gitlab/prometheus/current <==
2018-12-24_03:06:08.88786 level=error ts=2018-12-24T03:06:08.887812767Z caller=main.go:240 component=k8s_client_runtime err="github.com/prometheus/prometheus/discovery/kubernetes/kubernetes.go:372: Failed to list *v1.Node: nodes is forbidden: User \"system:serviceaccount:default:default\" cannot list resource \"nodes\" in API group \"\" at the cluster scope"
2018-12-24_03:06:08.89075 level=error ts=2018-12-24T03:06:08.890719525Z caller=main.go:240 component=k8s_client_runtime err="github.com/prometheus/prometheus/discovery/kubernetes/kubernetes.go:320: Failed to list *v1.Pod: pods is forbidden: User \"system:serviceaccount:default:default\" cannot list resource \"pods\" in API group \"\" at the cluster scope"

Any help would be appreciated

Answer 1

hi, your logs suggest that your account does not have the required permissions use the below-given configuration to provide permission to access pods or node is any given namespace 

apiVersion: rbac.authorization.k8s.io/v1beta1

kind: ClusterRole

metadata:

  name: prom-admin

rules:

# Just an example, feel free to change it

- apiGroups: [""]

  resources: ["pods", "nodes"]

  verbs: ["get", "watch", "list"]

---

apiVersion: rbac.authorization.k8s.io/v1beta1

kind: ClusterRoleBinding

metadata:

  name: prom-rbac

subjects:

- kind: ServiceAccount

  name: default

roleRef:

  kind: ClusterRole

  name: prom-admin

  apiGroup: rbac.authorization.k8s.io

hope this helps, also you should checkout few Kubernetes training to help you enhance your skills