K
Q

kubectl proxy incorrectly uses kube-system default user

12/23/2017

I have a Kubernetes cluster (v1.8.4) set up on Google Kubernetes Engine. I have properly set up and configured kubectl on my local machine, and I can use this command to successfully create and delete assets on Kubernetes.

However, when I run kubectl proxy to view the admin dashboard, I get errors indicating the connection is made with some kube-system default user that doesn't exist:

configmaps is forbidden: User "system:serviceaccount:kube-system:default" cannot list configmaps at the cluster scope: Unknown user "system:serviceaccount:kube-system:default"

To verify, I have run

gcloud container clusters get-credentials <cluster> --zone us-central1-f --project <project>

and my context is set correctly:

kubectl config get-contexts
CURRENT   NAME                                       CLUSTER                                    AUTHINFO                                   NAMESPACE
*         gke_<project>_us-central1-f_<cluster>      gke_<project>_us central1-f_<cluster>      gke_<project>_us-central1-f_<cluster>   
          minikube                                   minikube                                   minikube

Shouldn't kubectl proxy use my google domain credentials when I access the dashboard?

-- drs
kubernetes

Similar Questions

URL for IBM Cloud Kubernetes deployment
gke nginx lb health checks / can't get all instances in a "healthy" state
After adding a service account, it obtains all permissions by default
kubernetes application throws DatastoreException, Missing or insufficient permissions. Service key file provided

0 Answers