What is the issue with my manifest file?
cat manifests/node-exporter-clusterRoleBinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: node-exporter
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: node-exporter
subjects:
- kind: ServiceAccount
name: node-exporter
cat manifests/kube-state-metrics-clusterRoleBinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: kube-state-metrics
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: kube-state-metrics
subjects:
- kind: ServiceAccount
name: kube-state-metrics
If I apply these manifest with namespace I get an error as like below:
kubectl -f manifests/kube-state-metrics-clusterRoleBinding.yaml -n test-monitoring
The ClusterRoleBinding "node-exporter" is invalid: subjects[0].namespace: Required value
kubectl apply -f manifests/kube-state-metrics-clusterRoleBinding.yaml -n test-monitoring
The ClusterRoleBinding "kube-state-metrics" is invalid: subjects[0].namespace: Required value
Any issue with manifests files?
As a ServiceAccount is a namespaced object, you need to explicitly add the namespace of the ServiceAccount as:
subjects:
- kind: ServiceAccount
name: kube-state-metrics
namespace: <namespace-of-kube-state-metrics-serviceaccount>