Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Can't list pods with load_incluster_config() #605

New issue
New issue
Closed
Closed
Can't list pods with load_incluster_config()#605
@zybjcdl

Description

@zybjcdl
zybjcdl
opened on Aug 22, 2018

I tried following example inside a running pod to list pods

from kubernetes import client, config

 
 def main():
     config.load_incluster_config()
     v1 = client.CoreV1Api()
     print("Listing pods with their IPs:")
     ret = v1.list_pod_for_all_namespaces(watch=False)
     for i in ret.items:
         print("%s\t%s\t%s" %
               (i.status.pod_ip, i.metadata.namespace, i.metadata.name))
 if __name__ == '__main__':
     main()

It report following error:

ret = v1.list_pod_for_all_namespaces(watch=False)
File "/usr/local/lib/python3.6/site-packages/kubernetes/client/apis/core_v1_api.py", line 13589, in list_pod_for_all_namespaces
(data) = self.list_pod_for_all_namespaces_with_http_info(**kwargs)
File "/usr/local/lib/python3.6/site-packages/kubernetes/client/apis/core_v1_api.py", line 13686, in list_pod_for_all_namespaces_with_http_info
collection_formats=collection_formats)
File "/usr/local/lib/python3.6/site-packages/kubernetes/client/api_client.py", line 321, in call_api
_return_http_data_only, collection_formats, _preload_content, _request_timeout)
File "/usr/local/lib/python3.6/site-packages/kubernetes/client/api_client.py", line 155, in __call_api
_request_timeout=_request_timeout)
File "/usr/local/lib/python3.6/site-packages/kubernetes/client/api_client.py", line 342, in request
headers=headers)
File "/usr/local/lib/python3.6/site-packages/kubernetes/client/rest.py", line 231, in GET
query_params=query_params)
File "/usr/local/lib/python3.6/site-packages/kubernetes/client/rest.py", line 222, in request
raise ApiException(http_resp=r)
kubernetes.client.rest.ApiException: (403)
Reason: Forbidden
HTTP response headers: HTTPHeaderDict({'Content-Type': 'application/json', 'X-Content-Type-Options': 'nosniff', 'Date': 'Wed, 22 Aug 2018 07:56:15 GMT', 'Content-Length': '243'})
HTTP response body: {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"pods is forbidden: User "system:serviceaccount:default:default" cannot list pods at the cluster scope","reason":"Forbidden","details":{"kind":"pods"},"code":403}

I get the configuration setting ,it shows like below:
host:https://172.21.0.1:443
api_key:{"authorization": "bearer <api_key>"}
api_key_prefix:{}
username:
password:
verify_ssl:True
ssl_ca_cert:/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
safe_chars_for_path_param:

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions