0

I am trying to terminate the namespace argo in Kubernetes. In the past, I have succesfully followed the directions found here Kubernetes Namespaces stuck in Terminating status

this time, however, I am getting the following error message. What does it mean and how can I work around this?

{
  "kind": "Status",
  "apiVersion": "v1",
  "metadata": {

  },
  "status": "Failure",
  "message": "namespaces \"argo\" is forbidden: User \"system:anonymous\" cannot update resource \"namespaces/finalize\" in API group \"\" in the namespace \"argo\"",
  "reason": "Forbidden",
  "details": {
    "name": "argo",
    "kind": "namespaces"
  },
  "code": 403
}
user3877654
  • 1,045
  • 1
  • 16
  • 40

2 Answers2

1

You need to use an authenticated user that has permissions for the subresource (or more often, for *).

coderanger
  • 52,400
  • 4
  • 52
  • 75
  • Follow-up question. I only have two users - both authenticated by key. Neither one is able to successfully execute the terminate command. How did I install argo in the first place and how do I terminate in this situation? – user3877654 Sep 17 '21 at 12:01
  • If you've ever tinkered with Argo Workflows, you might have used `kubectl create ns argo` from their documentation. – crenshaw-dev Sep 17 '21 at 12:42
  • @MichaelCrenshaw have been working with Argo Workflows for a while and am learning how to properly secure my system. I suspect this is the reason for my current problem - Argo stopped responding. I want to reinstall it, but the namespace will not terminate. – user3877654 Sep 17 '21 at 13:12
0

You need to use an authenticated user, such as kubuctl's user

cat /root/.kube/config |grep client-certificate-data | awk -F ' ' '{print $2}' |base64 -d > ./kubectl.crt
cat /root/.kube/config |grep client-key-data | awk -F ' ' '{print $2}' |base64 -d > ./kubectl.key
curl --cert ./kubectl.crt --key ./kubectl.key -k ...
katepangliu
  • 1