Open jon-small opened 1 year ago
I'm following this guide for the first time and came across an issue in the RBAC section of step 8 I wanted to make you aware of. With my config (K8s v1.28), using 'namespace=""' in the ClusterRoleBinding will error out with the following:
pi@controller1:~ $ cat <<EOF | kubectl apply --kubeconfig admin.kubeconfig -f - apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: system:kube-apiserver namespace: "" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: system:kube-apiserver-to-kubelet subjects: - apiGroup: rbac.authorization.k8s.io kind: User name: kubernetes EOF Error from server: error when retrieving current configuration of: Resource: "rbac.authorization.k8s.io/v1, Resource=clusterrolebindings", GroupVersionKind: "rbac.authorization.k8s.io/v1, Kind=ClusterRoleBinding" Name: "system:kube-apiserver", Namespace: "" from server for: "STDIN": etcdserver: leader changed
I removed the 'namespace=""' line from the config and it worked properly:
pi@controller1:~ $ cat <<EOF | kubectl apply --kubeconfig admin.kubeconfig -f - apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: system:kube-apiserver roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: system:kube-apiserver-to-kubelet subjects: - apiGroup: rbac.authorization.k8s.io kind: User name: kubernetes EOF clusterrolebinding.rbac.authorization.k8s.io/system:kube-apiserver created
My Setup:
Thank you for this guide and the continuing maintenance of it!
I'm following this guide for the first time and came across an issue in the RBAC section of step 8 I wanted to make you aware of. With my config (K8s v1.28), using 'namespace=""' in the ClusterRoleBinding will error out with the following:
I removed the 'namespace=""' line from the config and it worked properly:
My Setup:
Thank you for this guide and the continuing maintenance of it!