Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[BUG] unable to find service account in clusterrolebinding. #102

Closed
imazik opened this issue Jun 10, 2019 · 1 comment

Comments

Projects
None yet
1 participant
@imazik
Copy link

commented Jun 10, 2019

I installed botkube manifests using kubectl, all the resources created in default namespace. In clusterrolebinding serviceaccount namespace is botkube that's why it is unable to get that service account and I am getting this error.

apiVersion: v1
kind: ServiceAccount
metadata:
  name: botkube-sa
  labels:
    app: botkube
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: botkube-clusterrolebinding
  labels:
    app: botkube
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: botkube-clusterrole
subjects:
- kind: ServiceAccount
  name: botkube-sa
  namespace: botkube

Log of botkube pod

INFO[2019-06-10T11:17:27Z] Allowed Events - map[{Resource:clusterrole Namespace:all}:true {Resource:configmap Namespace:all}:true {Resource:daemonset Namespace:all}:true {Resource:deployment Namespace:all}:true {Resource:ingress Namespace:all}:true {Resource:job Namespace:all}:true {Resource:namespace Namespace:all}:true {Resource:node Namespace:all}:true {Resource:persistentvolume Namespace:all}:true {Resource:persistentvolumeclaim Namespace:all}:true {Resource:pod Namespace:all}:true {Resource:role Namespace:all}:true {Resource:rolebinding Namespace:all}:true {Resource:secret Namespace:all}:true {Resource:service Namespace:all}:true] 
INFO[2019-06-10T11:17:27Z] Starting controller                          
INFO[2019-06-10T11:17:27Z] Starting slack bot                           
INFO[2019-06-10T11:17:27Z] Registering resource lifecycle informer      
INFO[2019-06-10T11:17:27Z] Adding informer for resource:pods namespace:all 
INFO[2019-06-10T11:17:27Z] Adding informer for resource:services namespace:all 
INFO[2019-06-10T11:17:27Z] Adding informer for resource:deployments namespace:all 
INFO[2019-06-10T11:17:27Z] Adding informer for resource:ingresses namespace:all 
INFO[2019-06-10T11:17:27Z] Adding informer for resource:nodes namespace:all 
INFO[2019-06-10T11:17:27Z] Adding informer for resource:namespaces namespace:all 
INFO[2019-06-10T11:17:27Z] Adding informer for resource:persistentvolumes namespace:all 
INFO[2019-06-10T11:17:27Z] Adding informer for resource:secrets namespace:all 
INFO[2019-06-10T11:17:27Z] Adding informer for resource:configmaps namespace:all 
INFO[2019-06-10T11:17:27Z] Adding informer for resource:daemonsets namespace:all 
INFO[2019-06-10T11:17:27Z] Adding informer for resource:jobs namespace:all 
INFO[2019-06-10T11:17:27Z] Adding informer for resource:roles namespace:all 
INFO[2019-06-10T11:17:27Z] Adding informer for resource:rolebindings namespace:all 
INFO[2019-06-10T11:17:27Z] Adding informer for resource:clusterroles namespace:all 
INFO[2019-06-10T11:17:27Z] Adding informer for resource:nodes namespace:all 
INFO[2019-06-10T11:17:27Z] Registering kubernetes events informer for types: [warning] 
INFO[2019-06-10T11:17:27Z] Registering watcher on configfile /config/config.yaml 
E0610 11:17:27.170659       9 reflector.go:134] github.com/infracloudio/botkube/pkg/controller/controller.go:89: Failed to list *v1.ConfigMap: configmaps is forbidden: User "system:serviceaccount:default:botkube-sa" cannot list resource "configmaps" in API group "" at the cluster scope
E0610 11:17:27.174755       9 reflector.go:134] github.com/infracloudio/botkube/pkg/controller/controller.go:89: Failed to list *v1.Role: roles.rbac.authorization.k8s.io is forbidden: User "system:serviceaccount:default:botkube-sa" cannot list resource "roles" in API group "rbac.authorization.k8s.io" at the cluster scope
E0610 11:17:27.174849       9 reflector.go:134] github.com/infracloudio/botkube/pkg/controller/controller.go:89: Failed to list *v1beta1.Ingress: ingresses.extensions is forbidden: User "system:serviceaccount:default:botkube-sa" cannot list resource "ingresses" in API group "extensions" at the cluster scope
E0610 11:17:27.174992       9 reflector.go:134] github.com/infracloudio/botkube/pkg/controller/controller.go:89: Failed to list *v1.Node: nodes is forbidden: User "system:serviceaccount:default:botkube-sa" cannot list resource "nodes" in API group "" at the cluster scope
E0610 11:17:27.176454       9 reflector.go:134] github.com/infracloudio/botkube/pkg/controller/controller.go:89: Failed to list *v1.Job: jobs.batch is forbidden: User "system:serviceaccount:default:botkube-sa" cannot list resource "jobs" in API group "batch" at the cluster scope
E0610 11:17:27.176821       9 reflector.go:134] github.com/infracloudio/botkube/pkg/controller/controller.go:89: Failed to list *v1.PersistentVolume: persistentvolumes is forbidden: User "system:serviceaccount:default:botkube-sa" cannot list resource "persistentvolumes" in API group "" at the cluster scope
E0610 11:17:27.177342       9 reflector.go:134] github.com/infracloudio/botkube/pkg/controller/controller.go:89: Failed to list *v1.Secret: secrets is forbidden: User "system:serviceaccount:default:botkube-sa" cannot list resource "secrets" in API group "" at the cluster scope
E0610 11:17:27.177663       9 reflector.go:134] github.com/infracloudio/botkube/pkg/controller/controller.go:89: Failed to list *v1.RoleBinding: rolebindings.rbac.authorization.k8s.io is forbidden: User "system:serviceaccount:default:botkube-sa" cannot list resource "rolebindings" in API group "rbac.authorization.k8s.io" at the cluster scope
E0610 11:17:27.177689       9 reflector.go:134] github.com/infracloudio/botkube/pkg/controller/controller.go:130: Failed to list *v1.Event: events is forbidden: User "system:serviceaccount:default:botkube-sa" cannot list resource "events" in API group "" at the cluster scope
E0610 11:17:27.177730       9 reflector.go:134] github.com/infracloudio/botkube/pkg/controller/controller.go:89: Failed to list *v1.Node: nodes is forbidden: User "system:serviceaccount:default:botkube-sa" cannot list resource "nodes" in API group "" at the cluster scope
E0610 11:17:27.177777       9 reflector.go:134] github.com/infracloudio/botkube/pkg/controller/controller.go:89: Failed to list *v1.ClusterRole: clusterroles.rbac.authorization.k8s.io is forbidden: User "system:serviceaccount:default:botkube-sa" cannot list resource "clusterroles" in API group "rbac.authorization.k8s.io" at the cluster scope
E0610 11:17:27.177883       9 reflector.go:134] github.com/infracloudio/botkube/pkg/controller/controller.go:89: Failed to list *v1.Service: services is forbidden: User "system:serviceaccount:default:botkube-sa" cannot list resource "services" in API group "" at the cluster scope
E0610 11:17:27.177955       9 reflector.go:134] github.com/infracloudio/botkube/pkg/controller/controller.go:89: Failed to list *v1beta1.DaemonSet: daemonsets.extensions is forbidden: User "system:serviceaccount:default:botkube-sa" cannot list resource "daemonsets" in API group "extensions" at the cluster scope
E0610 11:17:27.178183       9 reflector.go:134] github.com/infracloudio/botkube/pkg/controller/controller.go:89: Failed to list *v1beta1.Deployment: deployments.extensions is forbidden: User "system:serviceaccount:default:botkube-sa" cannot list resource "deployments" in API group "extensions" at the cluster scope

To Reproduce
Steps to reproduce the behavior:

kubectl apply -f https://raw.githubusercontent.com/infracloudio/botkube/master/deploy-all-in-one.yaml

@imazik imazik added the bug label Jun 10, 2019

@imazik imazik closed this Jun 10, 2019

@imazik

This comment has been minimized.

Copy link
Author

commented Jun 10, 2019

sorry it is not an issue -
kubectl create ns botkube && kubectl create -f deploy-all-in-one.yaml -n botkube

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.