
I'm trying to execute K8s kubectl commands from inside a container (name: autodeploy). I have configured a ClusterRole, ServiceAccount and ClusterRoleBinding, but I'm getting a Forbidden error while performing describe and scale actions on K8s Deployments.

```
Error from server (Forbidden): deployments.apps "test-deployment" is forbidden: User "system:node:ip-xx-xx-xx-xx.ec2.internal" cannot get resource "deployments" in API group "apps" in the namespace "abc"
```

The autodeploy container is also in the same namespace, abc.

ClusterRole:

```yaml
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
  name: autodeploy
rules:
  - apiGroups: ["*"]
    resources: ["deployments", "deployments/scale", "pods"]
    verbs: ["get", "list", "update"]
```

ServiceAccount:

```yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: autodeploy
  namespace: abc
```

ClusterRoleBinding:

```yaml
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: autodeploy
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: autodeploy
subjects:
  - kind: ServiceAccount
    name: autodeploy
    namespace: abc
```
  • What does `kubectl auth can-i get deployment -n abc --as system:serviceaccount:abc:autodeploy` return? – P.... Aug 12 '21 at 03:34
  • @P.... this returns `Warning: the server doesn't have a resource type 'deployment' The connection to the server localhost:8080 was refused - did you specify the right host or port?` – Prakash26790 Aug 12 '21 at 12:22
  • https://stackoverflow.com/questions/51874577/kubernetes-set-image-missing-resource-type-deployment – P.... Aug 12 '21 at 13:41
  • Managed to solve it? – P.... Aug 14 '21 at 19:02
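
An added diagnostic sketch, not part of the original question or its comments: it pulls the authenticated username out of the Forbidden message quoted in the question and compares it with the ServiceAccount subject named in the ClusterRoleBinding. The function names are hypothetical, and the sample error line is copied from the question so the script runs offline.

```shell
#!/usr/bin/env bash
# Constructed sample input: the Forbidden message quoted in the question.
SAMPLE_ERR='Error from server (Forbidden): deployments.apps "test-deployment" is forbidden: User "system:node:ip-xx-xx-xx-xx.ec2.internal" cannot get resource "deployments" in API group "apps" in the namespace "abc"'

# Print the username the API server authenticated, taken from a Forbidden message.
forbidden_user() {
  printf '%s\n' "$1" | sed -n 's/.*is forbidden: User "\([^"]*\)" cannot .*/\1/p'
}

# Username form the API server assigns to a ServiceAccount token.
sa_username() {  # args: namespace name
  printf 'system:serviceaccount:%s:%s\n' "$1" "$2"
}

# Classify the denied identity against the ServiceAccount the binding names.
# Output: match | node-identity | other-identity | unparsed
classify_denial() {  # args: error-text namespace sa-name
  local actual expected
  actual=$(forbidden_user "$1")
  expected=$(sa_username "$2" "$3")
  if [ -z "$actual" ]; then
    echo unparsed
  elif [ "$actual" = "$expected" ]; then
    echo match            # the bound subject itself was denied: inspect the rules
  elif [ "${actual#system:node:}" != "$actual" ]; then
    echo node-identity    # request carried node credentials, not the ServiceAccount token
  else
    echo other-identity
  fi
}

# Standard path where a pod's ServiceAccount token is mounted.
SA_TOKEN_FILE=/var/run/secrets/kubernetes.io/serviceaccount/token

report() {
  echo "denied as : $(forbidden_user "$SAMPLE_ERR")"
  echo "bound to  : $(sa_username abc autodeploy)"
  echo "verdict   : $(classify_denial "$SAMPLE_ERR" abc autodeploy)"
  if [ -r "$SA_TOKEN_FILE" ]; then echo "token mounted"; else echo "no token at $SA_TOKEN_FILE"; fi
}
report
```

A `node-identity` verdict means the RBAC rules bound to the ServiceAccount were never evaluated for this request, so the next thing to check is which credentials kubectl picks up inside the container.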
