Got a question about one of my favorite commands: oc get
When it comes to listing resources, oc get works like a ballerina
(or a danseur - don't want to leave the males out). However, when
it comes to listing certain resources, oc get gives me some push
back, and it's not quite on its toes. The typical push back message
ends like this:
....in API group "" at the cluster scope
Okay, what do I have to do to overcome this?
Thanks in advance!
You are probably facing some permissions issue in your 'admin' user. Can you describe what permissions this user has? Have you tried performing the same commands under the kubeadmin default user?
You can check if it's a permissions issue with:
➜ oc whoami
# (means: kubeadmin)
➜ oc get nodes
NAME STATUS ROLES AGE VERSION
sno Ready master,worker 85d v1.24.6+deccab3
➜ oc auth can-i get node
Warning: resource 'nodes' is not namespace scoped
I've definitely got a permissions issue with the account
Executing "$ oc get nodes" has been giving me
the following pushback forever:
...cannot list resource "nodes" in API group "" at the cluster scope
Executing "$ oc auth can-i get node" politely tells
How can I go about logging in using that kubeadmin
account? I don't know the password for this one.
In addition to what @Fran_Garcia mentioned , seeing the APi message , Please check the connectivity to API , check your API resources and also check the necessary permission in your cluster configuration. by necessary permission I mean check the current user and context and the corresponding role bindings.
I've always known what my current user is.
My challenge is getting him setup to do all
that needs to be done.
What role bindings should the current user
have in order to be able to get proper output
from the "oc get nodes" command? I'm just
using that one as example. It's not the only
"oc get" command that won't provide me the
Hi @Trevor ,
Atleast the "view" role binding is required for the cluster for that user. Give the user the "view" role , if it doesnot have, by : oc adm policy add-cluster-role-to-user view <user> and then see if it can get the desired results like ( oc get nodes ) .