K
Q

no matches for kind "ClusterRbacConfig" in version "rbac.istio.io/v1alpha1"

8/10/2019

I've been trying to complete the first step of https://istio.io/docs/tasks/security/authz-http/. With the following file, i'm supposed to activate authorization on the default namespace of my cluster.

However, when i run the following script:

apiVersion: "rbac.istio.io/v1alpha1"
kind: ClusterRbacConfig
metadata:
  name: default
spec:
  mode: 'ON_WITH_INCLUSION'
  inclusion:
    namespaces: ["default"]

which is an exact copy of the script on the website, i get the following error: error: unable to recognize "5-authorization/yaml-files/rbac-config-ON.yaml": no matches for kind "ClusterRbacConfig" in version "rbac.istio.io/v1alpha1".

Unless istio's documentation is severely out-of-date, and the apiVersion is no longer the correct one, i don't know what causes this.

-- Patrick Weyn
google-cloud-platform
istio
kubernetes
rbac

Similar Questions

Deploy Jenkins in Kubernetes cluster
Get the current and the most latest CPU and Memory usage of all the pods
K8s - Node alerts
Howto route traffic to GKE private master from another VPC network
Why does using data source attributes in Kubernetes terraform provider for RBAC enabled AKS give unauthorized error?
Replace haproxy by ingress in AKS
Rook NFS Kubernetes RWX mount throws stale file handle error

2 Answers

8/12/2019

1. You probably installed Istio in a bad way. If you install Istio using helm, you need to install CRD first istio-crd.

So just check it executing command:

$ kubectl get crd

in istio namespace.

Make sure you have all CRD degined here: istio-crd-definitions.

Deploying the istio.yaml twice seems to be working. BUT you have to wait a little between the two runs.

if as browning said the certs must be deployed first, then it make sense that its working on the second run.

-- MaggieO
Source: StackOverflow
8/13/2019

As szymig mentioned, the wrong version of Istio was used. GKE runs 1.2.2.

-- Patrick Weyn
Source: StackOverflow