kubernetes-configmap-rollouts icon indicating copy to clipboard operation
kubernetes-configmap-rollouts copied to clipboard

Published 20 hours ago verified publisher icon aabed

Server forbids access

Open steebchen opened this issue 5 years ago • 2 comments

Pod logs:

kubectl logs kubernetes-configmap-rollouts-7f886d9bb7-xrshg
Rerolling Deployments that use ConfigMap: 
Rerolling Deployments that use Secrets: 
Error from server (Forbidden): deployments.extensions is forbidden: User "system:serviceaccount:default:default" cannot list deployments.extensions in the namespace "default"
Error from server (Forbidden): deployments.extensions is forbidden: User "system:serviceaccount:default:default" cannot list deployments.extensions in the namespace "default"

The only thing I found quickly is enabling admin permissions for all pods, but it seems it's not what you should do. Is there a better way to only give this pod the proper permissions?

steebchen avatar Sep 06 '18 13:09 steebchen

@steebchen unfortunately the current yaml files doesn't support RBAC how about submitting a PR with RBAC yamls?

aabed avatar Sep 14 '18 23:09 aabed

I'm not so sure since everything is quite new for me, and for my current use case I decided to drop the configmap and simply built a custom image instead. I could send a PR in the future, though. Could you specify what permissions are necessary? In the message above I can see deployments.extensions but there are probably more. Thanks!

steebchen avatar Sep 15 '18 11:09 steebchen