Unable to deploy Pachyderm on Kubernetes cluster because of RBAC

12/28/2018

My objective is to run the following command:

sudo pachctl deploy google ${BUCKET_NAME} ${STORAGE_SIZE} --dynamic-etcd-nodes=1

I face an error about permissions that I have (posted at the end). So, I wanted to create my role via the following command:

sudo kubectl create clusterrolebinding aviralsrivastava-cluster-admin-binding --clusterrole=cluster-admin --user=aviral@socialcops.com

However, the above command is yielding me an error:

Error from server (Forbidden): clusterrolebindings.rbac.authorization.k8s.io is forbidden: User "aviral@socialcops.com" cannot create clusterrolebindings.rbac.authorization.k8s.io at the cluster scope: Required "container.clusterRoleBindings.create" permission.
-- aviral sanjay
kubernetes

1 Answer

12/28/2018

You need to apply the following RBAC permissions as a cluster-admin to give the user aviral@socialcops.com permission to create clusterRole and clusterRoleBinding objects:

ClusterRole.yaml

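apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: prom-admin
rules:
# Just an example, feel free to change it
# RBAC objects live in the rbac.authorization.k8s.io API group and are
# matched by their lowercase plural resource names.
- apiGroups: ["rbac.authorization.k8s.io"]
  resources: ["clusterroles", "clusterrolebindings"]
  verbs: ["get", "watch", "list", "create", "update", "patch", "delete"]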

ClusterRoleBinding.yaml

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: prom-rbac
subjects:
# The user the ClusterRole is granted to
- kind: User
  name: aviral@socialcops.com
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: prom-admin
  apiGroup: rbac.authorization.k8s.io
-- Prafull Ladha
Source: StackOverflow
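
The Forbidden message in the question names the exact request that was denied. As an added example (not part of the original question or answer), this Python code parses that message format and checks whether a ClusterRole rule covers the request. The two rule sets and the function names are constructed for illustration, only the message format quoted on this page is handled, and subresources and resourceNames are not modelled.

```python
import re

# Forbidden message as quoted in the question above.
FORBIDDEN = (
    'Error from server (Forbidden): clusterrolebindings.rbac.authorization.k8s.io '
    'is forbidden: User "aviral@socialcops.com" cannot create '
    'clusterrolebindings.rbac.authorization.k8s.io at the cluster scope: '
    'Required "container.clusterRoleBindings.create" permission.'
)

def parse_forbidden(msg):
    """Return (user, verb, resource, api_group) from a cluster-scope Forbidden message."""
    m = re.search(r'User "([^"]+)" cannot (\S+) (\S+) at the cluster scope', msg)
    if not m:
        raise ValueError("not a cluster-scope Forbidden message in the expected format")
    user, verb, qualified = m.groups()
    # "<resource>.<group>"; a core-group resource has no suffix, giving group "".
    resource, _, group = qualified.partition(".")
    return user, verb, resource, group

def rule_allows(rule, verb, resource, group):
    """RBAC rule matching: each field must contain the exact value or '*'."""
    def hit(values, wanted):
        return "*" in values or wanted in values
    return (hit(rule.get("apiGroups", []), group)
            and hit(rule.get("resources", []), resource)
            and hit(rule.get("verbs", []), verb))

def role_allows(rules, verb, resource, group):
    """A role allows a request if any one of its rules matches it."""
    return any(rule_allows(r, verb, resource, group) for r in rules)

# Constructed rule sets: core group with kind-style names vs. the RBAC API
# group with lowercase plural resource names.
MISMATCHED = [{"apiGroups": [""],
               "resources": ["clusterRole", "clusterRoleBinding"],
               "verbs": ["get", "list", "create"]}]
MATCHING = [{"apiGroups": ["rbac.authorization.k8s.io"],
             "resources": ["clusterroles", "clusterrolebindings"],
             "verbs": ["get", "list", "create"]}]

if __name__ == "__main__":
    user, verb, resource, group = parse_forbidden(FORBIDDEN)
    print(user, verb, resource, group)
    for name, rules in (("MISMATCHED", MISMATCHED), ("MATCHING", MATCHING)):
        print(name, role_allows(rules, verb, resource, group))
```

Matching is exact and case-sensitive, so a rule only takes effect when its API group and resource names equal the ones printed in the Forbidden message.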