Open satishrao84 opened 4 years ago
When applying the datastax-operator-manifests on GKE cluster, I get the below error:
[sanupin@lpdosput50934 ~]$ kubectl -n dse apply -f datastax-operator-manifests.yaml serviceaccount/dse-operator created rolebinding.rbac.authorization.k8s.io/dse-operator created customresourcedefinition.apiextensions.k8s.io/dsedatacenters.datastax.com created deployment.apps/dse-operator created Error from server (Forbidden): error when creating "datastax-operator-manifests.yaml": roles.rbac.authorization.k8s.io "dse-operator" is forbidden: user "satish.anupindi@aexp.com" (groups=["system:authenticated"]) is attempting to grant RBAC permissions not currently held: {APIGroups:[""], Resources:["configmaps"], Verbs:["*"]} {APIGroups:[""], Resources:["endpoints"], Verbs:["*"]} {APIGroups:[""], Resources:["events"], Verbs:["*"]} {APIGroups:[""], Resources:["namespaces"], Verbs:["get"]} {APIGroups:[""], Resources:["persistentvolumeclaims"], Verbs:["*"]} {APIGroups:[""], Resources:["pods"], Verbs:["*"]} {APIGroups:[""], Resources:["secrets"], Verbs:["*"]} {APIGroups:[""], Resources:["services"], Verbs:["*"]} {APIGroups:["apps"], Resources:["daemonsets"], Verbs:["*"]} {APIGroups:["apps"], Resources:["deployments"], Verbs:["*"]} {APIGroups:["apps"], Resources:["deployments/finalizers"], ResourceNames:["dse-operator"], Verbs:["update"]} {APIGroups:["apps"], Resources:["replicasets"], Verbs:["*"]} {APIGroups:["apps"], Resources:["statefulsets"], Verbs:["*"]} {APIGroups:["datastax.com"], Resources:["*"], Verbs:["*"]} {APIGroups:["monitoring.coreos.com"], Resources:["servicemonitors"], Verbs:["get" "create"]} {APIGroups:["policy"], Resources:["poddisruptionbudgets"], Verbs:["get" "list" "watch" "create"]}
Does that mean I don't have permissions to create those RBAC permissions?
Probably you are right. Check what permissions you have:
https://kubernetes.io/docs/reference/access-authn-authz/authorization/#checking-api-access
When applying the datastax-operator-manifests on GKE cluster, I get the below error:
Does that mean I don't have permissions to create those RBAC permissions?