Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Can't create ClusterRoleBindings or ClusterRoles for gitlab-admin-service-account

See original GitHub issue

hi, i am trying to create the clusterRoleBindings and clusterRoles from this file to use the cluster with gitlab. this has previously worked with a native kubernetes cluster without microk8s.

gitlab-admin-service-account.yaml

apiVersion: v1
kind: ServiceAccount
metadata:
  name: gitlab-admin
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: gitlab-admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: gitlab-admin
    namespace: kube-system

after applying the yaml file with

microk8s kubectl apply -f gitlab-admin-service-account.yaml

it logs following (as expected):

serviceaccount/gitlab-admin created
clusterrolebinding.rbac.authorization.k8s.io/gitlab-admin created

but the roles weren’t created when i try to find them in the dashboard nevertheless it can find the secret:

#!/bin/bash

microk8s kubectl delete -f gitlab-admin-service-account.yaml

microk8s kubectl cluster-info | grep 'Kubernetes master' | awk '/http/ {print $NF}'
token=$(microk8s kubectl get secrets | grep -o 'default-token-.....');
microk8s kubectl get secret $token -o jsonpath="{['data']['ca\.crt']}" | base64 --decode
microk8s kubectl apply -f gitlab-admin-service-account.yaml
microk8s kubectl -n kube-system describe secret $(microk8s kubectl -n kube-system get secret | grep gitlab-admin | awk '{print $1}')

but it won’t work with gitlab and i expect this to be related to it not even showing up in the interface ^^

i love this project, thank you and all the best paul

Issue Analytics

State:
Created 3 years ago
Comments:9

Top GitHub Comments

1reaction

balchuacommented, Nov 23, 2020

Hi Thanks for using MicroK8s. Quick question, did u enable rbac? microk8s enable rbac MicroK8s doesn’t enable rbac by default.

0reactions

balchuacommented, Nov 23, 2020

The manifest you have provided gave the ServiceAccount gitlab-admin a cluster-admin role. That’s what ClusterRoleBinding do. Simply mapping a ServiceAccount to a ClusterRole. It does not create a ClusterRole.

Top Results From Across the Web

Using RBAC Authorization | Kubernetes

kubectl create clusterrolebinding · Across the entire cluster, grant the permissions in the "cluster-admin" ClusterRole to a user named "root":.

GKE: can't add ClusterRoleBinding or ClusterRole · Issue #124

I have tried to use the deployment manager to create everything I need for our deployment, but I failed at a nginx ingress...

Connect existing clusters through cluster certificates ...

Create a file called gitlab-admin-service-account.yaml with contents: ... kubectl create clusterrolebinding permissive-binding \ --clusterrole=cluster-admin ...

Azure RBAC Can't create clusterroles - Stack Overflow

According to Kubernetes Restrictions on role creation or update: You can only create/update a role if at least one of the following things ......

Mixing Kubernetes Roles, RoleBindings, ClusterRoles, and ...

We'll then create a service account in the test namespace: ... Cluster role bindings link accounts to cluster roles and grant access across ......