I’m trying to hit the node status API and getting the following error:
send: b’GET /k8s/clusters/some_ID/api/v1/nodes/some_node_name/status HTTP/1.1\r\nHost: rancher.cluster.com\r\nAccept-Encoding: identity\r\nAccept: application/json\r\nUser-Agent: OpenAPI-Generator/11.0.0/python\r\nauthorization: Bearer kubeconfig-u-…\r\nContent-Type: application/json\r\n\r\n’
reply: ‘HTTP/1.1 403 Forbidden\r\n’
The account i’m using has the following cluster permission:
- View All Projects
- View Nodes
- View Cluster Members
- View Cluster Catalogs
It also has the global role:
- User Base
I would have expected that it could then hit the required APIs.
Is it possible to troubleshoot the permissions this account has vs what is required?
I’ve seen in this article that this kind of info is shared between rancher and k8s, but i guess i dont have access to that…?
I have tried with the same user account from kubectl e.g. “kubectl get nodes”. this works and provides the status info… but when i use --v=9, i dont see any call to /nodes/status,… so it must happen backend in kubectl…