I always get "Kubernetes Request Error: Forbidden" from Kubernetes (Services)


I'm using IntelliJ IDEA Ultimate 2019.3.4 with Kubernetes Plugin 193.6911.31 (2020-04-02).

The plugin seem to recognize my ~/.kube/config since my cluster name appear on the Kubernetes service window. 

The kubectl command from the shell works, so I'm sure the ~/.kube/config is funtioning. This is a ~/.kube/config to connect to a AWS EKS cluster so the setup is maybe different from a "regular" k8s cluster. The config is created following https://docs.aws.amazon.com/eks/latest/userguide/create-kubeconfig.html so it contains a section like this:



So I wonder if there is any way to troubleshoot this. Like can I see what command is the Kubernetes plugins trying to execute to get the list of pods? 

Comment actions Permalink

In Help > Debug Log settings I added 



And now in ~/Library/Logs/IntelliJIdea2019.3/idea.log I can see

2020-04-06 13:04:31,062 [ 16582] DEBUG - nt.model.KubernetesCachedValue -
io.kubernetes.client.ApiException: Forbidden
at io.kubernetes.client.ApiClient.handleResponse(ApiClient.java:882)
at io.kubernetes.client.ApiClient$1.onResponse(ApiClient.java:837)
at com.squareup.okhttp.Call$AsyncCall.execute(Call.java:177)
at com.squareup.okhttp.internal.NamedRunnable.run(NamedRunnable.java:33)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.lang.Thread.run(Thread.java:834)
which doesn't tell me much. 
I'm guessing that the problem is that my ~/.kube/config requires to execute aws --region eu-west-1 eks get-token --cluster-name xxxx , The aws executable is in the PATH  at /usr/local/bin/aws but I'm suspecting that IntelliJ IDEA is not able to find it
Comment actions Permalink

Ok I've fixed the problem by just giving the full path to aws cli executable in ~/.kube/config

- name: xxx
command: /usr/local/bin/aws

Please sign in to leave a comment.