RBAC authorization forbidding me to assign roles and depoyments

5/17/2018

I'm running a two-node cluster on CentOS 7 with latest version of Kubernetes. Can't seem to do anything after setting it up..

This is the error I encounter whenever I want to create a deployment from the master:

Error from server (Forbidden): error when retrieving current configuration of:
    &{0xc4204bc6c0 0xc420098150 default nginx-deployment https://k8s.io/docs/tasks/run-application/deployment.yaml 0xc423138760  false}
    from server for: "https://k8s.io/docs/tasks/run-application/deployment.yaml": deployments.apps "nginx-deployment" is forbidden: User "system:node:workhorse1" cannot get deployments.apps in the namespace "default"

Also tried to mess with user creation and role bindings and this error occurs:

Error from server (Forbidden): clusterrolebindings.rbac.authorization.k8s.io is forbidden: User "system:node:workhorse1" cannot create clusterrolebindings.rbac.authorization.k8s.io at the cluster scope

Any ideas?

-- FranceskaSophie
centos
kubeadm
kubelet
kubernetes
rbac

1 Answer

5/19/2018

Check the role of system:node:workhorse1, and get it's detail, I think it doesn't allow the node to access the deploy.apps resource. Or maybe you use Node Authorizatin to authorize the node, the Node only authorize the node to access pod, not deployment. And node doesn't suppose to access info about rbac, so you need a user with admin role to process rbac rules.

-- Kun Li
Source: StackOverflow