Can't create ClusterRoleBindings or ClusterRoles for gitlab-admin-service-account
See original GitHub issuehi, i am trying to create the clusterRoleBindings and clusterRoles from this file to use the cluster with gitlab. this has previously worked with a native kubernetes cluster without microk8s.
gitlab-admin-service-account.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: gitlab-admin
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: gitlab-admin
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: gitlab-admin
namespace: kube-system
after applying the yaml file with
microk8s kubectl apply -f gitlab-admin-service-account.yaml
it logs following (as expected):
serviceaccount/gitlab-admin created
clusterrolebinding.rbac.authorization.k8s.io/gitlab-admin created
but the roles weren’t created when i try to find them in the dashboard nevertheless it can find the secret:
#!/bin/bash
microk8s kubectl delete -f gitlab-admin-service-account.yaml
microk8s kubectl cluster-info | grep 'Kubernetes master' | awk '/http/ {print $NF}'
token=$(microk8s kubectl get secrets | grep -o 'default-token-.....');
microk8s kubectl get secret $token -o jsonpath="{['data']['ca\.crt']}" | base64 --decode
microk8s kubectl apply -f gitlab-admin-service-account.yaml
microk8s kubectl -n kube-system describe secret $(microk8s kubectl -n kube-system get secret | grep gitlab-admin | awk '{print $1}')
but it won’t work with gitlab and i expect this to be related to it not even showing up in the interface ^^
i love this project, thank you and all the best paul
Issue Analytics
- State:
- Created 3 years ago
- Comments:9
Top Results From Across the Web
Using RBAC Authorization | Kubernetes
kubectl create clusterrolebinding · Across the entire cluster, grant the permissions in the "cluster-admin" ClusterRole to a user named "root":.
Read more >GKE: can't add ClusterRoleBinding or ClusterRole · Issue #124
I have tried to use the deployment manager to create everything I need for our deployment, but I failed at a nginx ingress...
Read more >Connect existing clusters through cluster certificates ...
Create a file called gitlab-admin-service-account.yaml with contents: ... kubectl create clusterrolebinding permissive-binding \ --clusterrole=cluster-admin ...
Read more >Azure RBAC Can't create clusterroles - Stack Overflow
According to Kubernetes Restrictions on role creation or update: You can only create/update a role if at least one of the following things ......
Read more >Mixing Kubernetes Roles, RoleBindings, ClusterRoles, and ...
We'll then create a service account in the test namespace: ... Cluster role bindings link accounts to cluster roles and grant access across ......
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
Hi Thanks for using MicroK8s. Quick question, did u enable rbac?
microk8s enable rbac
MicroK8s doesn’t enable rbac by default.The manifest you have provided gave the
ServiceAccount
gitlab-admin
acluster-admin
role. That’s whatClusterRoleBinding
do. Simply mapping aServiceAccount
to aClusterRole
. It does not create a ClusterRole.