Search code examples
kuberneteskubectl

How to fix error: User cannot get resource "deployments" in API group "apps" in the namespace "default"?

I've got a problem with roles and authentication kubernetes. I created a one-node (one maser) cluster, on my baremetal server, and I made this cluster listen on different IP than default (with option "--apiserver-advertise-address= ip address "). But now I basically can do nothing in it, because of kubectl does not work. I can't create pods and services I need. When I created the cluster, without this IP changinh, it works. So my question is how to fix this? It is probably an authorization problem, but I can't even create cluster role or cluster role binding because of errors like this: " error: failed to create clusterrolebinding: clusterrolebindings.rbac.authorization.k8s.io is forbidden: User "system:node:e4-1" cannot create resource "clusterrolebindings" in API group "rbac.authorization.k8s.io" at the cluster scope"... Is there any way to "login" as admin, or something, or is there a way to change something in configs files to fix this?

Solution

  • Based on the flag you mention I assume you are using kubeadm to create your cluster. Most probable cause is that you are using the wrong .conf file. My suspicions are that you are using the kubelet.conf instead of admin.conf.

    Below you can find an example of the kubeadm init output. It contains steps that you need to follow to start using kubectl:

    Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a Pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  /docs/concepts/cluster-administration/addons/

You can now join any number of machines by running the following on each node
as root:

  kubeadm join <control-plane-host>:<control-plane-port> --token <token> --discovery-token-ca-cert-hash sha256:<hash>

    As you see one of the commands is to copy admin.conf file into /.kube/config which then kubectl uses to manage cluster.