RBAC Error : Error from server (Forbidden): error when creating "role-qa.yaml": roles.rbac.authorization.k8s.io "qa-role" is forbidden

9/11/2018

I am getting this error while creating a custom role for a Kubernetes namespace.

RBAC Error : Error from server (Forbidden): error when creating "role-qa.yaml": roles.rbac.authorization.k8s.io "qa-role" is forbidden

I have tried this on many versions of Kubernetes. I have checked many solutions provided by various users about assigning the "cluster-admin" role to the user and did the same, but it still didn't resolve this issue.

Below are the details required.

namespace.yaml

apiVersion: v1
kind: Namespace
metadata:
  name: qa
---
apiVersion: v1
kind: Namespace
metadata:
  name: prod

I have double-checked the user used for Kubernetes access, as below.

gcloud config list

output :

[core]
account = xyz@gmail.com
disable_usage_reporting = True
project = sonar-198615

gcloud auth list

output:

Credentialed Accounts
ACTIVE  ACCOUNT
*       xyz@gmail.com

To set the active account, run:
    $ gcloud config set account `ACCOUNT`

I have also checked whether the cluster role is assigned to the user, and the user has the cluster-admin role.

roles given to user

Below is the full error which I am getting.

Error from server (Forbidden): error when creating "role-qa.yaml":
roles.rbac.authorization.k8s.io "qa-role" is forbidden: attempt to
grant extra privileges: [PolicyRule{APIGroups:[""],
Resources:["pods"], Verbs:["get"]} PolicyRule{APIGroups:[""],
Resources:["pods"], Verbs:["watch"]} PolicyRule{APIGroups:[""],
Resources:["pods"], Verbs:["list"]}] user=&{xyz@gmail.com 
[system:authenticated]
map[user-assertion.cloud.google.com:[AF1jyJCtSZd2sdmeNfdVbJyylD/nTw8h9aQznfgDOI8n4n7MlK9ncU0r+UXrVCgySWVv4wJHg85db75ekmhV67qyxwVP7tv0KzEKtEz7agxSXSu+qZsxBjoKHIQpjlhrT9mc7cRAvB/OxTxvi8xexAC7fvf563Ttwoejx11F6Bs3qXElIhDDtTKT0O8S0eWIFcHoWMrs+nIdvcsbXaQLHL4+E2+Uufjrp3f+8nyC]]}
ownerrules=[PolicyRule{APIGroups:["authorization.k8s.io"],
Resources:["selfsubjectaccessreviews" "selfsubjectrulesreviews"],
Verbs:["create"]} PolicyRule{NonResourceURLs:["/api" "/api/*" "/apis"
"/apis/*" "/healthz" "/openapi" "/openapi/*" "/swagger-2.0.0.pb-v1"
"/swagger.json" "/swaggerapi" "/swaggerapi/*" "/version" "/version/"],
Verbs:["get"]}] ruleResolutionErrors=[]

Kindly let me know if anyone needs any further information on this.

-- Sarang Rana
google-cloud-platform
kubectl
kubernetes
kubernetes-security
rbac

0 Answers
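
As an added example (not part of the original question): a small Python parser for the "attempt to grant extra privileges" error above, which extracts the rules the API server resolved for the user (`ownerrules`) and reports which requested rules they do not cover. The sample string is constructed from the error in the post, with the user-assertion value replaced by a placeholder and the NonResourceURLs list shortened; the function names are hypothetical.

```python
import re
from itertools import product

# Constructed sample: the error text from the post on one line, with the
# user-assertion value replaced by a placeholder and NonResourceURLs shortened.
ERROR = (
    'roles.rbac.authorization.k8s.io "qa-role" is forbidden: attempt to grant extra '
    'privileges: [PolicyRule{APIGroups:[""], Resources:["pods"], Verbs:["get"]} '
    'PolicyRule{APIGroups:[""], Resources:["pods"], Verbs:["watch"]} '
    'PolicyRule{APIGroups:[""], Resources:["pods"], Verbs:["list"]}] '
    'user=&{xyz@gmail.com [system:authenticated] '
    'map[user-assertion.cloud.google.com:[ASSERTION-ELIDED]]} '
    'ownerrules=[PolicyRule{APIGroups:["authorization.k8s.io"], '
    'Resources:["selfsubjectaccessreviews" "selfsubjectrulesreviews"], Verbs:["create"]} '
    'PolicyRule{NonResourceURLs:["/api" "/api/*" "/version"], Verbs:["get"]}] '
    'ruleResolutionErrors=[]'
)

SECTIONS = re.compile(
    r'extra privileges: \[(.*?)\] user=&\{(\S+).*?ownerrules=\[(.*)\] ruleResolutionErrors')

def parse_rules(text):
    """Turn 'PolicyRule{Key:["a" "b"], ...}' runs into a list of dicts of lists."""
    return [{k: re.findall(r'"([^"]*)"', v) for k, v in re.findall(r'(\w+):\[(.*?)\]', body)}
            for body in re.findall(r'PolicyRule\{(.*?)\}', text)]

def holds(rules, group, resource, verb):
    """True if a single held rule covers the (apiGroup, resource, verb) triple."""
    ok = lambda held, want: "*" in held or want in held
    return any(ok(r.get("APIGroups", []), group) and ok(r.get("Resources", []), resource)
               and ok(r.get("Verbs", []), verb) for r in rules)

def analyse(error):
    m = SECTIONS.search(" ".join(error.split()))  # tolerate wrapped log lines
    if not m:
        raise ValueError("not an 'attempt to grant extra privileges' error")
    wanted, user, held = parse_rules(m.group(1)), m.group(2), parse_rules(m.group(3))
    missing = [t for r in wanted
               for t in product(r.get("APIGroups", []), r.get("Resources", []), r.get("Verbs", []))
               if not holds(held, *t)]
    wildcard = any("*" in r.get("Verbs", []) and "*" in r.get("Resources", []) for r in held)
    return {"user": user, "missing": missing, "held_has_wildcard_rule": wildcard}

if __name__ == "__main__":
    result = analyse(ERROR)
    print("user:", result["user"])
    for group, resource, verb in result["missing"]:
        print(f"not held: {verb} {resource} (apiGroup {group!r})")
    print("wildcard rule among ownerrules:", result["held_has_wildcard_rule"])
```

For the error in the post, none of the three pod verbs is covered and no wildcard rule appears among `ownerrules`, so the rules of `cluster-admin` were not among those the API server resolved for this identity. Comparing the reported `user` string with the subject name in the ClusterRoleBinding is the natural next check.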