Forbidden error while describe/scale deployment by user system:node:ip.xx

8/11/2021

I'm trying to execute K8S kubectl cmds from inside the container(name: autodeploy). I have configured ClusterRole, ServiceAccount and ClusterRoleBinding. But getting Forbidden error while performing Describe and Scale actions on K8S Deployments.

Error from server (Forbidden): deployments.apps "test-deployment" is forbidden: User "system:node:ip-xx-xx-xx-xx.ec2.internal" cannot get resource "deployments" in API group "apps" in the namespace "abc"

autodeploy container also in same namespace abc

ClusterRole:

apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
  name: autodeploy
rules:
  - apiGroups: ["*"]
    resources: ["deployments", "deployments/scale", "pods"]
    verbs: ["get", "list", "update"]

ServiceAccount:

apiVersion: v1
kind: ServiceAccount
metadata:
  name: autodeploy
  namespace: abc

ClusterRoleBinding:

apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: autodeploy
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: autodeploy
subjects:
  - kind: ServiceAccount
    name: autodeploy
    namespace: abc
-- Prakash26790
amazon-eks
k8s-rolebinding
k8s-serviceaccount
kubectl
kubernetes

0 Answers