Kubernetes Deployment Error from server (Forbidden): error when retrieving current configuration

8/12/2018

I'm trying to deploy my web service to Google Container Engine:

Here's my deployment.yaml:

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: handfree
  labels:
    app: handfree
spec:
  replicas: 3
  template:
    metadata:
      labels:
        app: handfree
    spec:
      containers:
      - name: handfree
        image: arycloud/mysecretrepo:latest
        imagePullPolicy: Always
        #Ports to expose
        ports:
        - name: api_port
          containerPort: 8000 

Here's my service.yaml:

kind: Service
apiVersion: v1
metadata:
  #Service name
  name: judge
spec:
  selector:
    app: handfree
  ports:
    - protocol: TCP
      port: 8000
      targetPort: 8000
  type: LoadBalancer  

I have created a cluster on Google Container Engine with cluster size 4 and 8 vCPUs, I have successfully get credentials by using the command from connecting link of this cluster.

When I try to run the deployment.yml it returns an error as:

Error from server (Forbidden): error when retrieving current configuration of: default handfree deployment.yaml

from server for: "deployment.yaml" deployments.extensions "handfree" is forbidden: User "client" cannot get deployments.extensions in the namespace "default": Unknown user "client".

I'm new to kubernetes world, help me, please!

Thanks in advance!

-- Abdul Rehman
docker
google-kubernetes-engine
kubernetes
kubernetes-deployment

1 Answer

8/12/2018

Unknown user "client".

Means there is no RoleBinding or ClusterRoleBinding with a subjects: of type: User with a name: of client.

The fix is to create a ClusterRoleBinding or RoleBinding -- depending on whether you want client to have access to every Namespace or just default -- and point it at an existing (or created) Role or ClusterRole. The bad news is that since your current credential is invalid, you will need to track down the cluster-admin credential to be able to make that kind of change. Since I haven't used GKE, I can't specify the exact steps.

I know those paragraphs are filled with jargon, and for that I'm sorry - it's a complex topic. There are several RBAC summaries, including a recent one from GitLab, a CNCF webinar, and one from Sysdig, and (of course) the kubernetes docs

-- mdaniel
Source: StackOverflow