generated from cyberark/conjur-template
Closed
Description
Kubelets that enforce authorization have known responses for permission errors. For example, if a request is authenticated but isn't authorized, the Kubelet will respond with: `Forbidden (user=%s, verb=%s, resource=%s, subresource=%s)`
`kubeletctl` currently prints a generic error message for permission errors, so it can be hard to understand what's causing the error:
$ kubeletctl --token=<token> pods
[*] Failed to run HTTP request with error: invalid character 'F' looking for beginning of value
The actual error can be seen using `--raw`, but if you're not using `kubeletctl` regularly it's easy to forget about that. It would be awesome if `kubeletctl` could check whether a response is a known permission error, and if so print the full error by default.
Kubelet responses for permission errors
- Unauthenticated request or Authentication error - http.StatusUnauthorized (401), `Unauthorized`
- Unauthorized request - http.StatusForbidden (403), `Forbidden (user=%s, verb=%s, resource=%s, subresource=%s)`
- Authorization error - http.StatusInternalServerError (500), `Authorization error (user=%s, verb=%s, resource=%s, subresource=%s)`
g3rzi
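One way the check requested in the issue could look, as an added example that is not part of the issue and not kubeletctl's own code: it matches the status code and body prefix against the three kubelet responses listed above before any JSON decoding is attempted. The names `PermissionError` and `ClassifyKubeletResponse` are hypothetical, and the sample body is constructed.

```go
package main

import (
	"fmt"
	"net/http"
	"regexp"
	"strings"
)
// PermissionError describes a kubelet response recognised as an auth failure.
type PermissionError struct {
	Kind                              string // "unauthenticated", "forbidden" or "authorization-error"
	User, Verb, Resource, Subresource string
	Message                           string // body exactly as the kubelet sent it (trimmed)
}

// Matches the "(user=%s, verb=%s, resource=%s, subresource=%s)" suffix.
var attrsRe = regexp.MustCompile(`\(user=(.*), verb=(.*), resource=(.*), subresource=(.*)\)$`)
// ClassifyKubeletResponse returns a PermissionError when the status code and
// body prefix match one of the three responses listed in the issue, else nil.
func ClassifyKubeletResponse(status int, body string) *PermissionError {
	msg := strings.TrimSpace(body)
	var kind, prefix string
	switch status {
	case http.StatusUnauthorized:
		kind, prefix = "unauthenticated", "Unauthorized"
	case http.StatusForbidden:
		kind, prefix = "forbidden", "Forbidden ("
	case http.StatusInternalServerError:
		kind, prefix = "authorization-error", "Authorization error ("
	default:
		return nil
	}
	if !strings.HasPrefix(msg, prefix) {
		return nil // e.g. an unrelated 500: leave it to the generic error path
	}
	pe := &PermissionError{Kind: kind, Message: msg}
	if m := attrsRe.FindStringSubmatch(msg); m != nil {
		pe.User, pe.Verb, pe.Resource, pe.Subresource = m[1], m[2], m[3], m[4]
	}
	return pe
}

func main() {
	// Constructed sample body in the 403 format quoted in the issue.
	body := "Forbidden (user=system:anonymous, verb=get, resource=nodes, subresource=proxy)"
	if pe := ClassifyKubeletResponse(http.StatusForbidden, body); pe != nil {
		fmt.Printf("[*] Kubelet denied the request (%s): %s\n", pe.Kind, pe.Message)
	}
}
```

Requiring both the status code and the body prefix keeps an unrelated 500 from being reported as an authorization problem.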