In kubernetes not able to attach to container in a pod
I am not able to attach to a container in a pod. Receiving below message
Error from server (Forbidden): pods "sleep-76df4f989c-mqvnb" is forbidden: cannot exec into or attach to a privileged container
Could someone please let me what i am missing?
kubernetes
add a comment |
I am not able to attach to a container in a pod. Receiving below message
Error from server (Forbidden): pods "sleep-76df4f989c-mqvnb" is forbidden: cannot exec into or attach to a privileged container
Could someone please let me what i am missing?
kubernetes
add a comment |
I am not able to attach to a container in a pod. Receiving below message
Error from server (Forbidden): pods "sleep-76df4f989c-mqvnb" is forbidden: cannot exec into or attach to a privileged container
Could someone please let me what i am missing?
kubernetes
I am not able to attach to a container in a pod. Receiving below message
Error from server (Forbidden): pods "sleep-76df4f989c-mqvnb" is forbidden: cannot exec into or attach to a privileged container
Could someone please let me what i am missing?
kubernetes
kubernetes
asked Nov 13 '18 at 20:39
chiluchilu
62
62
add a comment |
add a comment |
2 Answers
2
active
oldest
votes
This seems to be a permission (possibly RBAC) issue.
See Kubernetes pod security-policy.
For instance gluster/gluster-kubernetes
issue 432 points to Azure PR 1961, which disable the cluster-admin
rights (although you can customize/override the admission-controller flags passed to the API server).
So it depends on the nature of your Kubernetes environment.
add a comment |
I have not enabled RBAC at all. What I have done is that i have enabled istio and all the pods are now running with side car.
I am not able to attach or exec to pods which have istio.
I am able to attach or exec which do not have istio proxy side car.
Need help here.
add a comment |
Your Answer
StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53289149%2fin-kubernetes-not-able-to-attach-to-container-in-a-pod%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
This seems to be a permission (possibly RBAC) issue.
See Kubernetes pod security-policy.
For instance gluster/gluster-kubernetes
issue 432 points to Azure PR 1961, which disable the cluster-admin
rights (although you can customize/override the admission-controller flags passed to the API server).
So it depends on the nature of your Kubernetes environment.
add a comment |
This seems to be a permission (possibly RBAC) issue.
See Kubernetes pod security-policy.
For instance gluster/gluster-kubernetes
issue 432 points to Azure PR 1961, which disable the cluster-admin
rights (although you can customize/override the admission-controller flags passed to the API server).
So it depends on the nature of your Kubernetes environment.
add a comment |
This seems to be a permission (possibly RBAC) issue.
See Kubernetes pod security-policy.
For instance gluster/gluster-kubernetes
issue 432 points to Azure PR 1961, which disable the cluster-admin
rights (although you can customize/override the admission-controller flags passed to the API server).
So it depends on the nature of your Kubernetes environment.
This seems to be a permission (possibly RBAC) issue.
See Kubernetes pod security-policy.
For instance gluster/gluster-kubernetes
issue 432 points to Azure PR 1961, which disable the cluster-admin
rights (although you can customize/override the admission-controller flags passed to the API server).
So it depends on the nature of your Kubernetes environment.
answered Nov 13 '18 at 20:42
VonCVonC
837k29426513188
837k29426513188
add a comment |
add a comment |
I have not enabled RBAC at all. What I have done is that i have enabled istio and all the pods are now running with side car.
I am not able to attach or exec to pods which have istio.
I am able to attach or exec which do not have istio proxy side car.
Need help here.
add a comment |
I have not enabled RBAC at all. What I have done is that i have enabled istio and all the pods are now running with side car.
I am not able to attach or exec to pods which have istio.
I am able to attach or exec which do not have istio proxy side car.
Need help here.
add a comment |
I have not enabled RBAC at all. What I have done is that i have enabled istio and all the pods are now running with side car.
I am not able to attach or exec to pods which have istio.
I am able to attach or exec which do not have istio proxy side car.
Need help here.
I have not enabled RBAC at all. What I have done is that i have enabled istio and all the pods are now running with side car.
I am not able to attach or exec to pods which have istio.
I am able to attach or exec which do not have istio proxy side car.
Need help here.
answered Nov 29 '18 at 23:11
chiluchilu
62
62
add a comment |
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53289149%2fin-kubernetes-not-able-to-attach-to-container-in-a-pod%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown