
kubectl - User "system:node:anth-admin-host1" cannot list resource "events"


I cannot apply this ClusterRole to my admin cluster to add rbac.authorization. I have used the same YAML file without problems for my user cluster.

How do I solve the problem?

Could it be a problem with my kubeconfig file?

ubuntu@anth-mgt-wksadmin:~$ cat cloud-console-reader.yaml
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: cloud-console-reader
rules:
- apiGroups: [""]
  resources: ["nodes", "persistentvolumes"]
  verbs: ["get", "list", "watch"]
- apiGroups: ["storage.k8s.io"]
  resources: ["storageclasses"]
  verbs: ["get", "list", "watch"]

ubuntu@anth-mgt-wksadmin:~$ kubectl apply -f cloud-console-reader.yaml --kubeconfig kubeconfig
Error from server (Forbidden): error when retrieving current configuration of:
Resource: "rbac.authorization.k8s.io/v1, Resource=clusterroles", GroupVersionKind:    rbac.authorization.k8s.io/v1, Kind=ClusterRole" Name: "cloud-console-reader", Namespace: ""
from server for: "cloud-console-reader.yaml": clusterroles.rbac.authorization.k8s.io "cloud-console-reader" is forbidden: User "system:node:anth-admin-host1" cannot get resource "clusterroles" in API group "rbac.authorization.k8s.io" at the cluster scope


ubuntu@anth-mgt-wksadmin:~$ kubectl get nodes --kubeconfig kubeconfig
NAME               STATUS   ROLES                  AGE     VERSION
anth-admin-host1   Ready    control-plane,master   7d4h    v1.20.5-gke.1301
anth-admin-host3   Ready    <none>                 3h50m   v1.20.5-gke.1301
anth-admin-host4   Ready    <none>                 6d7h    v1.20.5-gke.1301
anth-admin-host5   Ready    <none>                 3h48m   v1.20.5-gke.1301

ubuntu@anth-mgt-wksadmin:~$ kubectl cluster-info dump --kubeconfig kubeconfig |tail -1
Error from server (Forbidden): events is forbidden: User "system:node:anth-admin-host1" cannot list resource "events" in API group "" in the namespace "kube-system"

}


Solution

  • Solved the problem.

    I have copied the admin.conf file from one admin cluster node to the admin workstation and renamed it to kubeconfig.

    root@anth-admin-host1:~# cat /etc/kubernetes/admin.conf
    apiVersion: v1
    clusters:

    all ok now!
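
The identity behind a kubeconfig can be read from the file itself, because the API server takes the user name from the client certificate's CN and the groups from its O fields. The script below is an added example, not part of the original question or answer. It walks the certificate's DER structure with the Python standard library only (no signature verification), assumes the credential is embedded as `client-certificate-data`, and reads the first such entry.

```python
import base64
import re

# DER-encoded attribute OIDs: 2.5.4.3 commonName, 2.5.4.10 organizationName
OIDS = {b"\x55\x04\x03": "CN", b"\x55\x04\x0a": "O"}

def _items(buf, pos, end):
    """Yield (tag, start, end) for each DER element in buf[pos:end]."""
    while pos < end:
        tag, length, pos = buf[pos], buf[pos + 1], pos + 2
        if length & 0x80:  # long form: low 7 bits count the length bytes
            n = length & 0x7F
            length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        yield tag, pos, pos + length
        pos += length

def cert_subject(der):
    """Return {'CN': ..., 'O': [...]} from an X.509 certificate's subject."""
    _, s, e = next(_items(der, 0, len(der)))      # Certificate
    _, s, e = next(_items(der, s, e))             # tbsCertificate
    fields = [f for f in _items(der, s, e) if f[0] != 0xA0]  # drop [0] version
    _, s, e = fields[4]   # serial, sigAlg, issuer, validity, then subject
    out = {"CN": None, "O": []}
    for _, r1, r2 in _items(der, s, e):           # RDN (SET)
        for _, a1, a2 in _items(der, r1, r2):     # AttributeTypeAndValue
            (_, o1, o2), (_, v1, v2) = list(_items(der, a1, a2))[:2]
            key, val = OIDS.get(der[o1:o2]), der[v1:v2].decode("utf-8", "replace")
            if key == "CN":
                out["CN"] = val
            elif key == "O":
                out["O"].append(val)
    return out

def kubeconfig_identity(text):
    """User and groups the API server derives from the embedded client cert."""
    m = re.search(r"client-certificate-data:\s*(\S+)", text)
    if not m:
        return None  # token or file-path credentials: nothing embedded to read
    pem = base64.b64decode(m.group(1)).decode("ascii")
    body = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END", pem, re.S).group(1)
    subj = cert_subject(base64.b64decode(body))
    node = (subj["CN"] or "").startswith("system:node:") and "system:nodes" in subj["O"]
    return {"user": subj["CN"], "groups": subj["O"], "node_credential": node}

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        print(path, kubeconfig_identity(open(path).read()))
```

Run it with one or more kubeconfig paths as arguments. A result with `node_credential` set to true means the file carries a kubelet identity, which matches the `system:node:anth-admin-host1` user named in the Forbidden errors above.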