Inadvertently deleted admin clusterrole and can't access cluster resources

12/29/2021

I deleted my cluster-admin role via kubectl using:

kubectl delete clusterrole cluster-admin

Not sure what I expected, but now I don't have access to the cluster from my account. Any attempt to get or change resources using kubectl returns a 403, Forbidden. Is there anything I can do to revert this change without blowing away the cluster and creating a new one? I have a managed cluster on Digital Ocean.

-- eLymar
kubernetes

2 Answers

12/29/2021

Try applying this YAML to create the new cluster role:

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
  name: cluster-admin
rules:
- apiGroups:
  - '*'
  resources:
  - '*'
  verbs:
  - '*'
- nonResourceURLs:
  - '*'
  verbs:
  - '*'

Apply the YAML file changes:

kubectl apply -f <filename>.yaml
-- Harsh Manvar
Source: StackOverflow

1/3/2022

Not sure what I expected, but now I don't have access to the cluster from my account.

If none of the kubectl commands actually work, unfortunately you will not be able to create a new cluster role. The problem is that you won't be able to do anything without an admin role. You can try creating the cluster-admin role directly through the API (not using kubectl), but if that doesn't help you have to recreate the cluster.

-- Mikołaj Głodziak
Source: StackOverflow
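
A pre-flight check covering both answers above, as an added example that is not part of either answer: it asks the API server whether the current credentials can recreate cluster-admin before attempting the apply. The function names and the manifest path argument are assumptions; the RBAC rule it relies on is that creating a role granting `*` requires already holding those permissions or the `escalate` verb on clusterroles.

```shell
#!/bin/sh
# Added example (not from the original answers). Function names are hypothetical.

# Ask the API server, via a SelfSubjectAccessReview, whether we may perform
# "verb resource". Authenticated users can normally still run this check
# even when they have lost every other permission.
can_i() {
    kubectl auth can-i "$@" >/dev/null 2>&1
}

# Prints one of: present | restorable | locked-out
cluster_admin_state() {
    # Succeeds only if the role exists and we are allowed to read it.
    if kubectl get clusterrole cluster-admin >/dev/null 2>&1; then
        echo present
    # Escalation prevention: "create clusterroles" alone is not enough to
    # create a role that grants '*'; we must hold '*' cluster-wide ourselves
    # or have the "escalate" verb on clusterroles.
    elif can_i create clusterroles &&
         { can_i '*' '*' --all-namespaces || can_i escalate clusterroles; }; then
        echo restorable
    else
        echo locked-out
    fi
}

# Recreate the role only when the pre-flight check says the apply can succeed.
# $1 is an assumed path to a file holding the ClusterRole YAML from the answer.
restore_cluster_admin() {
    manifest=$1
    case $(cluster_admin_state) in
        present)
            echo "cluster-admin already exists"
            return 0 ;;
        restorable)
            kubectl apply -f "$manifest" || return 1
            # Confirm the role is now readable.
            kubectl get clusterrole cluster-admin >/dev/null 2>&1 ;;
        *)
            echo "current credentials cannot recreate cluster-admin" >&2
            return 2 ;;
    esac
}
```

Call it as `restore_cluster_admin cluster-admin.yaml`; exit status 2 means a different, still-privileged identity is needed.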