-
Notifications
You must be signed in to change notification settings - Fork 8.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Failed when running rbac.yaml by permission denied. #1663
Comments
@jeffwji please share the ABAC rules |
I am also getting this error in my cluster that I haven't enabled RBAC for yet (I want to get all the roles sorted before I turn it on). I haven't even got ABAC enabled, just authentication via user certs. |
@jpiper if you don't have RBAC or ABAC enabled you need to install the ingress controller using https://github.com/kubernetes/ingress-nginx/tree/master/deploy#install-without-rbac-roles |
@aledbf ah, I got it, I had to give myself cluster admin permissions first. kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: cluster-admins
subjects:
- kind: User
name: piperj
roleRef:
kind: ClusterRole
name: cluster-admin
apiGroup: "" |
I almost put everything I known to ABAC:
And I'm having the config to allow me login as admin.
|
@jpiper Wooo! I also got it after grant admin with cluster-admin role, there is no default value for any user in the system. but why ABAC policy doesn't work? |
@jeffwji can we close this issue? |
Yes, we can close it now, but I still don't understand why ABAC policy doesn't work though. |
@jeffwji maybe you can get help in the kubernetes-users slack channel |
@jpiper I couldnt get my rbac applied even after creating the ClusterRoleBinding as you specified it. Am I missing something else? |
Just in case someone else has problems, this prometheus-operator/prometheus-operator#357 (comment) worked for me. |
If you're having this problem on GKE also try:
Per: https://cloud.google.com/kubernetes-engine/docs/how-to/role-based-access-control This should initialize your user as a cluster admin under RBAC. |
@dafstone Thanks! You forgot a |
Actually looks like it was in there but github was hiding it, so I re-wrapped as a code block. Thanks for pointing that out! |
Facing the same issue when trying to setup openfaas on gke (1.8+ version)
I ran the commands suggested to fix the issue but it did not solve the problem,
Your help is much appreciated! |
I am facing the same issue, I have run |
Hello Folks, I am facing same Forbidden error, even after executing |
If anyone else is seeing something like this on GKE:
See the email with caps? If you run this:
and it'll let you apply the mandatory.yaml. |
Recently I upgrade my k8s to version 1.8 and enabled RBCA (parallelly with ABCA) and encountered difficulty when deploy ingress-nginx, this is the error information:
\# kubectl create -f rbac.yaml
Not sure how to fix it?
The text was updated successfully, but these errors were encountered: