Error from server (Forbidden): namespaces is forbidden: User "sso:<user.domain.com>" cannot create resource "namespaces" in API group "" at the cluster scope.
search cancel

Error from server (Forbidden): namespaces is forbidden: User "sso:<user.domain.com>" cannot create resource "namespaces" in API group "" at the cluster scope.

book

Article ID: 417723

calendar_today

Updated On:

Products

VMware vSphere Kubernetes Service

Issue/Introduction

Namespace creation is failing with the following error:
Error from server (Forbidden): namespaces is forbidden: User "sso:<user.domain.com>" cannot create resource "namespaces" in API group "" at the cluster scope.

Environment

vSphere Supervisor 8.0

Cause

The Namespace Service on the Supervisor Cluster may not be activated. If the Namespace Service is not active, users are restricted from creating new namespaces, resulting in the observed “forbidden” error.

Resolution

  1. Verify the status of the Namespace Service on the Supervisor Cluster. If it is not activated, enable the service and retry the namespace creation.
  2. Activating the Namespace Service restores the necessary functionality and permissions required for namespace creation, resolving the “forbidden” error.

Additional Information

Enable vSphere Namespace Creation Using Kubectl: https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere-supervisor/7-0/enable-vsphere-namespace-creation-using-kubectl.html 

Powered by Wolken Software