search

fnproject / fn-helm

Helm Chart for Fn
Apache License 2.0
56 stars 24 forks source link

Error: release gocd failed: clusterroles.rbac.authorization.k8s.io is forbidden: User "system:serviceaccount:kube-system:tiller" cannot create resource "clusterroles" in API group "rbac.authorization.k8s.io" at the cluster scope #54

Open nitingadekar opened 5 years ago

nitingadekar commented 5 years ago

I am following below link for installing GoCD using helm chart, https://docs.gocd.org/current/gocd_on_kubernetes/gocd_helm_chart/helm_install.html

when I run below command it gives error: $ helm install stable/gocd --name gocd --namespace gocd Error: release gocd failed: clusterroles.rbac.authorization.k8s.io is forbidden: User "system:serviceaccount:kube-system:tiller" cannot create resource "clusterroles" in API group "rbac.authorization.k8s.io" at the cluster scope

Below is the clusterRoleBinding for tiller service account.

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"rbac.authorization.k8s.io/v1","kind":"ClusterRoleBinding","metadata":{"annotations":{"rbac.authorization.kubernetes.io/autoupdate":"true"},"labels":{"kubernetes.io/bootstrapping":"rbac-defaults"},"name":"cluster-admin-tiller"},"roleRef":{"apiGroup":"rbac.authorization.k8s.io","kind":"ClusterRole","name":"cluster-admin"},"subjects":[{"apiGroup":"","kind":"ServiceAccount","name":"tiller","namespace":"kube-system"}]}
    rbac.authorization.kubernetes.io/autoupdate: "true"
  creationTimestamp: "2019-06-21T07:15:12Z"
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
  name: cluster-admin-tiller
  resourceVersion: "371704"
  selfLink: /apis/rbac.authorization.k8s.io/v1/clusterrolebindings/cluster-admin-tiller
  uid: 4f5aedb7-93f4-11e9-825b-021cf6c0635e
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: tiller
  namespace: kube-system

Not able to get rid of this error even after binding cluster-admin ClusterRole to the Service account tiller and default. Please assist

denismakogon commented 5 years ago

Hi. How is this related to Fn helm charts? Fn helm charts have no relation to GoCD.