This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

Unable to access logs or exec into pods of GKE

Posted on 04-12-2023 10:06 PM
chetanrathoretl
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

I am running Cassandra cluster on a GKE version 1.22.17-gke.4000. It was all working fine though the APIs are deprecated, just yesterday when i tried to check the logs of a pod, I encountered the following issue:

Error from server (InternalError): Internal error occurred: Authorization error (user=kube-apiserver, verb=get, resource=nodes, subresource=proxy)

Eventually, I realized that this is happening for exec command as well. Not sure what changed suddenly that I am facing this issue. 

Please help.

0 1 612
Topic Labels
0 Likes
1 REPLY 1

Posted on --/--/---- --:-- AM
Willbin
Staff
Reply posted on --/--/---- --:-- AM

Hello chetanrathoretl,

Welcome to GCC!

The kube-apiserver failed to access the kubelet and RBAC rules might be corrupted.

You need to grant the user kube-apiserver to the resource node that kubelet provides by creating ClusterRole and ClusterRoleBinding.

Here  are some examples of RBAC API Obects that can serve as your reference in using ClusterRole and ClusterRoleBinding. 

Additional info:
Best practices for GKE RBAC
Authorize actions in clusters using RBAC

0 Likes
Top Labels in this Space
Top Solution Authors
View all