K
Q

Traefik installation error on GCS: Unknown user "system:serviceaccount:default:default"

7/10/2018

I've been racking my head on how to set up traefik with GKE. I'm currently getting what I think is an RBAC related error...

github.com/containous/traefik/vendor/k8s.io/client-go/informers/factory.go:86: 

Failed to list *v1beta1.Ingress: 
ingresses.extensions is forbidden: User system:serviceaccount:default:default" 
cannot list ingresses.extensions at the cluster scope: 
Unknown user "system:serviceaccount:default:default"`

Any idea on how to get around this error?

-- Alex Miles
google-kubernetes-engine
kubernetes
traefik

Similar Questions

Can not fetch values from remote spring config from spring boot client in Kubernetes
Minikube installation failing within script
How to run kubernetes pod for a set period of time each day?
Unable to add custom application using ICP private image registry
AWS Elastic Kubernetes Service: how to expose a container/pod to an Elasticsearch cluster inside AWS?

1 Answer

7/11/2018

That is an error the GKE IAM authorizer returns when a user is not authorized to do something. In GKE, the RBAC authorizer is then consulted. The fact that you are seeing that error message means both the GKE and RBAC authorizers forbid that user. Make sure you are deploying traefik using the expected service account and have set up an RBAC policy that gives that service account required permissions

-- Jordan Liggitt
Source: StackOverflow