Deployment on kubernetes 1.20 fails with customresourcedefinitions Forbidden #1979
Replies: 1 comment 3 replies
-
|
Hello! I assume that either deploying it to the |
Beta Was this translation helpful? Give feedback.
-
|
Crap, thanks for the catch |
Beta Was this translation helpful? Give feedback.
-
|
Did not seem to help: kubectl get rolebinding -n dex NAME READY STATUS RESTARTS AGE time="2021-02-10T22:37:44Z" level=error msg="creating custom resource authcodes.dex.coreos.com: POST https://10.96.0.1:443/apis/apiextensions.k8s.io/v1beta1/customresourcedefinitions Forbidden: response from server "{"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"customresourcedefinitions.apiextensions.k8s.io is forbidden: User "system:serviceaccount:dex:dex" cannot create resource "customresourcedefinitions" in API group "apiextensions.k8s.io" at the cluster scope","reason":"Forbidden","details":{"group":"apiextensions.k8s.io","kind":"customresourcedefinitions"},"code":403}"" |
Beta Was this translation helpful? Give feedback.
-
|
Seems like a slightly different error though. Instead of Forbidden it is not found... |
Beta Was this translation helpful? Give feedback.
-
time="2021-02-10T21:36:28Z" level=info msg="kubernetes client apiVersion = dex.coreos.com/v1"
time="2021-02-10T21:36:28Z" level=info msg="creating custom Kubernetes resources"
time="2021-02-10T21:36:28Z" level=error msg="creating custom resource authcodes.dex.coreos.com: POST https://10.96.0.1:443/apis/apiextensions.k8s.io/v1beta1/customresourcedefinitions Forbidden: response from server "{"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"customresourcedefinitions.apiextensions.k8s.io is forbidden: User \"system:serviceaccount:dex:dex\" cannot create resource \"customresourcedefinitions\" in API group \"apiextensions.k8s.io\" at the cluster scope","reason":"Forbidden","details":{"group":"apiextensions.k8s.io","kind":"customresourcedefinitions"},"code":403}""
Not sure why I am seeing the errors. Cluster role exists:
piVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: dex
rules:
resources: [""]
verbs: [""]
resources: ["customresourcedefinitions"]
verbs: ["create"] # To manage its own resources, dex must be able to create customresourcedefinitions
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: dex
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: dex
subjects:
name: dex # Service account assigned to the dex pod, created above
namespace: dex # The namespace dex is running in
Beta Was this translation helpful? Give feedback.
All reactions