K
Q

Inadvertently deleted admin clusterrole and can't access cluster resources

12/29/2021

I deleted my cluster-admin role via kubectl using:

kubectl delete clusterrole cluster-admin

Not sure what I expected, but now I don't have access to the cluster from my account. Any attempt to get or change resources using kubectl returns a 403, Forbidden. Is there anything I can do to revert this change without blowing away the cluster and creating a new one? I have a managed cluster on Digital Ocean.

-- eLymar
kubernetes

Similar Questions

Conditional scaling with Kubernetes Horizontal Pod Autoscaler
How to setup nginx as reverse proxy for rest microservice in kubernetes?
kubernetes nginx ingress log not displaying external ips
kubernetes error: unable to recognize "deployment.yaml": no matches for extensions/, Kind=Deployment
Choosing of AWS Load Balancer for Kubernetes HA cluster

2 Answers

12/29/2021

Try applying this YAML to creaste the new Cluster role 

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
  name: cluster-admin
rules:
- apiGroups:
  - '*'
  resources:
  - '*'
  verbs:
  - '*'
- nonResourceURLs:
  - '*'
  verbs:
  - '*'

apply the YAML file changes

kubectl apply -f <filename>.yaml
-- Harsh Manvar
Source: StackOverflow
1/3/2022

Not sure what I expected, but now I don't have access to the cluster from my account.

If none of the kubectl commands actually work, unfortunately you will not be able to create a new cluster role. The problem is that you won't be able to do anything without an admin role. You can try creating the cluster-admin role directly through the API (not using kubectl), but if that doesn't help you have to recreate the cluster.

-- Mikołaj Głodziak
Source: StackOverflow