-
Notifications
You must be signed in to change notification settings - Fork 539
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
server does not allow access to the requested resources #3
Comments
@chrisohaver had this issue and has a solution. It's the RBAC in 1.6, it needs more permissions to access other namespaces. @chrisohaver? |
RBAC is used by default in k8s 1.6. The kube-system default account no longer has access by default to the API. Also, coredns requires access to a couple more API objects than kube-dns does. There are a few ways to grant access. I think the cleanest solution is to create a new ServiceAccount, ClusterRole, and ClusterRoleBinding for coredns, and then configure the pods to use the new service account. Create ServiceAccount, ClusterRole, and ClusterRoleBinding
Configure pods to use the coredns service account |
@johnbelamaric @chrisohaver thanks for pointing me to a solution. This doesn't look like a problem with coredns deployment but rather an issue in k8s. I wished I saw the solution earlier as the solution I hacked up was not as clean. I ended up reusing the |
@chrisohaver can you add those templates here? Or, better make a 1.6 and later version of the deployment manifest that includes these? |
After installing k8s 1.6 via kubeadm, I tried to install
coredns
to replacekube-dns
, and thecoredns
pod/svc does get successfully deployed. However, inspecting the log ofcoredns
shows the following errors that repeats every few seconds:I do have a default service account in the namespace
kube-system
:AFAIK, this service account is what
coredns
uses:Any thoughts on this is not working?
The text was updated successfully, but these errors were encountered: