Failed to discover supported resources

8/8/2018

I am trying to create a user with limited namespace access. I created a namespace named test and also created Group: programmers, User: frontend. I generated credentials for user frontend with the help of the following: http://docs.bitnami.com/kubernetes/how-to/configure-rbac-in-your-kubernetes-cluster/

I created a role. Here is my role.yml

kind: Role
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  namespace: test
  name: frontend-developer
rules:
- apiGroups: ["","extensions","apps"]
  resources: ["deployments","replicasets","pods"]
  verbs: ["get","list","watch","create","patch"]

I created a RoleBinding. Here is role-binding.yml

kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: frontend-deploy
  namespace: test
subjects:
- kind: User
  name: frontend
  namespace: test
roleRef:
  kind: Role
  name: frontend-developer
  apiGroup: rbac.authorization.k8s.io

I am taking my deployment file as

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: nodefrontend
  namespace: test
spec:
  replicas: 3
  template:
    metadata:
      labels:
        app: bookstore
    spec:
      containers:
      - name: nodeweb
        image: balipalligayathri/devops-develop
        ports:
        - name: http
          containerPort: 3000
          protocol: TCP

I am using following commands while creating the role and rolebinding

$ kubectl create -f role.yml
$ kubectl create -f role-binding.yml 

The frontend-developer Role and frontend-deploy RoleBinding were created.

Again, I am using the command kubectl create -f node-deployment.yml for deployment creation. The deployment was created and deleted successfully. Here, I didn't mention any user while creating the deployment. So, I am trying to create the deployment with a user by using the below command.

kubectl create -f node-deployment.yml --as=frontend --context=frontend-context

I am facing an error like this:

Error from server (Forbidden):

<html><head><meta http-equiv='refresh' content='1;url=/login?from=%2Fswagger-2.0.0.pb-v1%3Ftimeout%3D32s'/><script>window.location.replace('/login?from=%2Fswagger-2.0.0.pb-v1%3Ftimeout%3D32s');</script></head><body style='background-color:white; color:white;'>
    Authentication requiredhttps://stackoverflow.com/questions/48164369/kubernetes-   1-8-dashboard-configurations-fails-with-error-no-kind-role-is-regi
    You are authenticated as: anonymous
    Groups that you are in:
    Permission you need to have (but didn't): hudson.model.Hudson.Read
    which is implied by: hudson.security.Permission.GenericRead
    which is implied by: hudson.model.Hudson.Administer    </body></html>

My doubt is: is there any necessity to mention the user in the deployment.yml file?

-- gayathri
authentication
kubernetes
kubernetes-security
rbac

1 Answer

8/8/2018

You need to create a serviceAccount, take a look at this snippet:

apiVersion: v1
kind: ServiceAccount
metadata:
  # ServiceAccount names must be lowercase (DNS subdomain format)
  name: my-account

bind it to your role:

apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
  name: myBinding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: frontend-developer
subjects:
- kind: ServiceAccount
  name: my-account

and use it in your Deployment:

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: nodefrontend
  namespace: test
spec:
  template:
    metadata:
      labels:
        ...
    spec:
      serviceAccountName: my-account

Ref:

-- Nicola Ben
Source: StackOverflow
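
As an added example (not code from the question, the answer, or Kubernetes itself), this simplified Python model evaluates the question's Role and RoleBinding to show which requests User frontend is actually granted. It covers Role and RoleBinding only, ignoring ClusterRoles, resourceNames, subresources and nonResourceURLs; `authorize` and `can_frontend` are hypothetical helper names.

```python
# Added example: simplified model of namespaced RBAC (Role + RoleBinding only).
ROLE = {  # mirrors role.yml from the question
    "namespace": "test", "name": "frontend-developer",
    "rules": [{
        "apiGroups": ["", "extensions", "apps"],
        "resources": ["deployments", "replicasets", "pods"],
        "verbs": ["get", "list", "watch", "create", "patch"],
    }],
}
BINDING = {  # mirrors role-binding.yml from the question
    "namespace": "test", "name": "frontend-deploy",
    "subjects": [{"kind": "User", "name": "frontend"}],
    "roleRef": {"kind": "Role", "name": "frontend-developer"},
}

def _match(allowed, value):
    return "*" in allowed or value in allowed

def rule_allows(rule, api_group, resource, verb):
    # All three lists must match: a rule is a cross product, not a pairing.
    return (_match(rule["apiGroups"], api_group)
            and _match(rule["resources"], resource)
            and _match(rule["verbs"], verb))

def authorize(roles, bindings, user, groups, namespace, api_group, resource, verb):
    """True if a RoleBinding in `namespace` grants the request to the caller."""
    for b in bindings:
        if b["namespace"] != namespace:
            continue  # a RoleBinding has no effect outside its own namespace
        if not any((s["kind"] == "User" and s["name"] == user)
                   or (s["kind"] == "Group" and s["name"] in groups)
                   for s in b["subjects"]):
            continue
        for r in roles:
            if (r["namespace"], r["name"]) != (namespace, b["roleRef"]["name"]):
                continue
            if any(rule_allows(rule, api_group, resource, verb) for rule in r["rules"]):
                return True
    return False  # no matching grant: RBAC denies by default

def can_frontend(namespace, api_group, resource, verb):
    # Hypothetical helper: evaluates as User "frontend", Group "programmers".
    return authorize([ROLE], [BINDING], "frontend", ["programmers"],
                     namespace, api_group, resource, verb)

if __name__ == "__main__":
    print(can_frontend("test", "extensions", "deployments", "create"))
    print(can_frontend("test", "extensions", "deployments", "delete"))
```

The Role grants create but not delete, and nothing outside the test namespace, so the same manifest applied to another namespace or a delete of the Deployment would be denied for this user.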