Azure RBAC error on deploy

[DaveNW16HD]

Hi

I'm getting an error similar to

https://github.com/camilb/prometheus-kubernetes/issues/40

I'm running on Azure ACS K8S 1.7.7 and I'm deploying the latest code using commit cd8bdb94e9bef6cdf86124fdebdacfe17ebc45b8

I've tried doing

kubectl create clusterrolebinding admin-binding --clusterrole=cluster-admin --user=

where is obtained using the command

kubectl config view

Deploying Prometheus serviceaccount "prometheus-k8s" created rolebinding "prometheus-k8s" created rolebinding "prometheus-k8s" created rolebinding "prometheus-k8s" created clusterrolebinding "prometheus-k8s" created Error from server (Forbidden): error when creating "manifests/prometheus/prometh eus-k8s-rbac.yaml": roles.rbac.authorization.k8s.io "prometheus-k8s" is forbidde n: attempt to grant extra privileges: [PolicyRule{Resources:["nodes"], APIGroups :[""], Verbs:["get"]} PolicyRule{Resources:["nodes"], APIGroups:[""], Verbs:["li st"]} PolicyRule{Resources:["nodes"], APIGroups:[""], Verbs:["watch"]} PolicyRul e{Resources:["services"], APIGroups:[""], Verbs:["get"]} PolicyRule{Resources:[" services"], APIGroups:[""], Verbs:["list"]} PolicyRule{Resources:["services"], A PIGroups:[""], Verbs:["watch"]} PolicyRule{Resources:["endpoints"], APIGroups:[" "], Verbs:["get"]} PolicyRule{Resources:["endpoints"], APIGroups:[""], Verbs:["l ist"]} PolicyRule{Resources:["endpoints"], APIGroups:[""], Verbs:["watch"]} Poli cyRule{Resources:["pods"], APIGroups:[""], Verbs:["get"]} PolicyRule{Resources:[ "pods"], APIGroups:[""], Verbs:["list"]} PolicyRule{Resources:["pods"], APIGroup s:[""], Verbs:["watch"]} PolicyRule{Resources:["configmaps"], APIGroups:[""], Ve rbs:["get"]}] user=&{kubeconfig [system:authenticated] map[]} ownerrules=[] rul eResolutionErrors=[] Error from server (Forbidden): error when creating "manifests/prometheus/prometh eus-k8s-rbac.yaml": roles.rbac.authorization.k8s.io "prometheus-k8s" is forbidde n: attempt to grant extra privileges: [PolicyRule{Resources:["services"], APIGro ups:[""], Verbs:["get"]} PolicyRule{Resources:["services"], APIGroups:[""], Verb s:["list"]} PolicyRule{Resources:["services"], APIGroups:[""], Verbs:["watch"]} PolicyRule{Resources:["endpoints"], APIGroups:[""], Verbs:["get"]} PolicyRule{Re sources:["endpoints"], APIGroups:[""], Verbs:["list"]} PolicyRule{Resources:["en dpoints"], APIGroups:[""], Verbs:["watch"]} PolicyRule{Resources:["pods"], APIGr oups:[""], Verbs:["get"]} PolicyRule{Resources:["pods"], APIGroups:[""], Verbs:[ "list"]} PolicyRule{Resources:["pods"], APIGroups:[""], Verbs:["watch"]}] user=& {kubeconfig [system:authenticated] map[]} ownerrules=[] ruleResolutionErrors=[] Error from server (Forbidden): error when creating "manifests/prometheus/prometh eus-k8s-rbac.yaml": roles.rbac.authorization.k8s.io "prometheus-k8s" is forbidde n: attempt to grant extra privileges: [PolicyRule{Resources:["services"], APIGro ups:[""], Verbs:["get"]} PolicyRule{Resources:["services"], APIGroups:[""], Verb s:["list"]} PolicyRule{Resources:["services"], APIGroups:[""], Verbs:["watch"]} PolicyRule{Resources:["endpoints"], APIGroups:[""], Verbs:["get"]} PolicyRule{Re sources:["endpoints"], APIGroups:[""], Verbs:["list"]} PolicyRule{Resources:["en dpoints"], APIGroups:[""], Verbs:["watch"]} PolicyRule{Resources:["pods"], APIGr oups:[""], Verbs:["get"]} PolicyRule{Resources:["pods"], APIGroups:[""], Verbs:[ "list"]} PolicyRule{Resources:["pods"], APIGroups:[""], Verbs:["watch"]}] user=& {kubeconfig [system:authenticated] map[]} ownerrules=[] ruleResolutionErrors=[] Error from server (Forbidden): error when creating "manifests/prometheus/prometh eus-k8s-rbac.yaml": clusterroles.rbac.authorization.k8s.io "prometheus-k8s" is f orbidden: attempt to grant extra privileges: [PolicyRule{Resources:["nodes/metri cs"], APIGroups:[""], Verbs:["get"]} PolicyRule{NonResourceURLs:["/metrics"], Ve rbs:["get"]}] user=&{kubeconfig [system:authenticated] map[]} ownerrules=[] rul eResolutionErrors=[] servicemonitor "kube-scheduler" created servicemonitor "kube-apiserver" created servicemonitor "kube-controller-manager" created servicemonitor "node-exporter" created servicemonitor "kubelet" created service "prometheus-k8s" created servicemonitor "prometheus-operator" created prometheus "k8s" created servicemonitor "alertmanager" created servicemonitor "prometheus" created servicemonitor "kube-dns" created servicemonitor "kube-state-metrics" created configmap "prometheus-k8s-rules" created

After installation, I can only see the basic Node info but no K8S specific data such as namespace, pod & depoyments

Any ideas ?

[camilb]

Hi @DaveNW16HD, actually never tested Azure ACS, only Azure AKS, but I will create a cluster these days and have a look on it.