kubectl command to GKE-Autopilot sometimes returns forbidden error


env

what happens

The kubectl command sometimes returns a (Forbidden) error, e.g.:

kubectl get pod

Error from server (Forbidden): pods is forbidden: User "[email protected]" cannot list resource "pods" in API group "" in the namespace "default": GKEAutopilot authz: the request was sent before policy enforcement is enabled

It does not always happen, so it must not be an IAM problem (it happens about 40% of the time).
Before, I think it was GKE Autopilot v1.21.xxxx, this error didn't happen; at least not so frequently.

I couldn't find any helpful info even when I searched for "GKEAutopilot authz" or "the request was sent before policy enforcement is enabled".

I hope someone who has faced the same issue has an idea.

Thank you in advance.


There is 1 best solution below


I asked Google Cloud support. They said it's a bug on the GKE master, and it was fixed by them.

This problem doesn't happen anymore.