K
Q

deploy fail on kubernetes: kubectl apply fail

7/5/2018

I have tried to run this YAML fine, but I am getting the below issue 1 master 2 nodes has been configured and I ran kubectl get nodes output looks fine

kubectl apply -f https://k8s.io/examples/application/deployment.yaml

then I have downloaded the file locally and tried, but again same error

Error from server (Forbidden) :

deployments.extensions "nginx-deployment" is forbidden: User "system:node:master" cannot get deployments.extensions in the namespace "default" root@master:~#

Please assist me to resolve the issue

-- Manikandan
kubeadm
kubectl
kubelet
kubernetes
pod

Similar Questions

Azure kubernetes service ingress and clusters per region
kube-apiserver authentification ( Unauthorized )
Google Cloud kubernetes engine external ip
Make coredns responses depend on client namespaces in k8s cluster

1 Answer

7/5/2018

This is a RBAC restriction about which you can read on Kubernetes - Using RBAC Authorization docs.

You want to create your own ServiceAccount then Role and then bind them together using RoleBinding.

ServiceAccount example

apiVersion: v1
kind: ServiceAccount
metadata:
  name: some-name
  namespace: my-name

Role example

apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
  name: some-name
  namespace: my-name
rules:
  - apiGroups: ["extensions"]
    resources: ["deployments"]
    verbs: ["get","list","patch","update"]

RoleBinding example

apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
  name: some-name
  namespace: my-name
subjects:
  - kind: ServiceAccount
    name: some-name
    namespace: my-name
roleRef:
  kind: Role
  name: some-name
  apiGroup: rbac.authorization.k8s.io

There are examples online which you can find.

-- Crou
Source: StackOverflow