FAQ: 403 when querying master node

[Banchio]

hi all, using this sdk in our ACS engine deployed cluster (we are planning migration to AKS) we are noticing a lot of request to the master node (generated by the sdk in the pods itself) that ends up with 403.
Cluster has RBAC with AAD integration enabled so I guess that this is to be expected. How can I make it work?
Thanks!

added: I guess this is the same in AKS when enabling RBAC integration with AAD

[xiaomi7732]

@Banchio Thanks for the asking. You will need to making sure the pod can access the root node by providing proper service account binding.

Please reference the following example for how to do the role bindings:

• Enable RBAC example
  Specifically, please follow this section:
• Setup the default Service Account for RBAC enabled cluster

Give it a shoot and let us know if that solves your problem or not.

[Banchio]

Thanks @xiaomi7732, we are going to test this out on new cluster in a week, if you prefer we can close the issue and reopen it after tests. Thanks again for the prompt answer!

[xiaomi7732]

Sure. Feel free to reactive this or open a new issue.

[xiaomi7732]

Another guide is added: https://github.com/microsoft/ApplicationInsights-Kubernetes/blob/develop/docs/configure-rbac-permissions.md