You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I am creating a kubernetes cluster with kubeadm, and I have done this literally, may be 100 times, and I am getting permission issues from the very beginning.
The context:
So, I first tried with k8s 1.15.1, and I was getting the following error when tried installing pod network (bunch of them; 1 for each object):
Error from server (Forbidden): error when retrieving current configuration of:
Resource: "/v1, Resource=serviceaccounts", GroupVersionKind: "/v1, Kind=ServiceAccount"
Name: "calico-kube-controllers", Namespace: "kube-system"
Object: &{map["apiVersion":"v1" "kind":"ServiceAccount" "metadata":map["annotations":map["kubectl.kubernetes.io/last-applied-configuration":""] "name":"calico-kube-controllers" "namespace":"kube-system"]]}
from server for: "https://docs.projectcalico.org/v3.8/manifests/calico.yaml": serviceaccounts "calico-kube-controllers" is forbidden: User "system:node:master" cannot get resource "serviceaccounts" in API group "" in the namespace "kube-system": can only create tokens for individual service accounts
I noticed the user is different (why is my master node the user configured in the config file?):
system:node:master
And this user has no permissions for almost anything:
root@master:~# kubectl auth can-i create deploy
no
I wanted to configure the user, but I haven't kept kubeadm token, and to get the token I get permission errors too.
root@master:~# kubeadm token list
failed to list bootstrap tokens: secrets is forbidden: User "system:node:master" cannot list resource "secrets" in API group "" in the namespace "kube-system": No Object name found
So, I kept trying; the same scenario for 1.14.4. No permissions for anything.
Then I tried the last version that I had tried already, which is 1.14.3, and it worked as expected. The user is kubernetes-admin, and has permissions for everything:
I wanted to check the release notes, but there is no much information, or I don't know interpret it. Does anyone have any information about what are the changes, or what am I doing wrong?
The text was updated successfully, but these errors were encountered:
getting a permission error during pod network setup, means you are trying to kubectl apply manifest files using a kubeconfig file which does not have the correct permissions.
make sure that your /etc/kubernetes/admin.conf is generated by kubeadm and contains kubernetes-admin as the user.
I wanted to check the release notes, but there is no much information, or I don't know interpret it. Does anyone have any information about what are the changes, or what am I doing wrong?
AFAIK, there is no such change that breaks this between 1.14.4 and .3.
I am creating a kubernetes cluster with kubeadm, and I have done this literally, may be 100 times, and I am getting permission issues from the very beginning.
The context:
So, I first tried with k8s 1.15.1, and I was getting the following error when tried installing pod network (bunch of them; 1 for each object):
I noticed the user is different (why is my master node the user configured in the config file?):
system:node:master
And this user has no permissions for almost anything:
I wanted to configure the user, but I haven't kept kubeadm token, and to get the token I get permission errors too.
So, I kept trying; the same scenario for 1.14.4. No permissions for anything.
Then I tried the last version that I had tried already, which is 1.14.3, and it worked as expected. The user is kubernetes-admin, and has permissions for everything:
I wanted to check the release notes, but there is no much information, or I don't know interpret it. Does anyone have any information about what are the changes, or what am I doing wrong?
The text was updated successfully, but these errors were encountered: