ikyatov
commented
6 years ago @tamxdx The solution for me of a similar problem: Comment in file coredns-deployment.yaml
# ---
# apiVersion: rbac.authorization.k8s.io/v1
# kind: ClusterRole
# metadata:
# labels:
# kubernetes.io/bootstrapping: rbac-defaults
# addonmanager.kubernetes.io/mode: Reconcile
# name: system:coredns
# rules:
# - apiGroups:
# - ""
# resources:
# - endpoints
# - services
# - pods
# - namespaces
# verbs:
# - list
# - watch
# ---
# apiVersion: rbac.authorization.k8s.io/v1
# kind: ClusterRoleBinding
# metadata:
# annotations:
# rbac.authorization.kubernetes.io/autoupdate: "true"
# labels:
# kubernetes.io/bootstrapping: rbac-defaults
# addonmanager.kubernetes.io/mode: EnsureExists
# name: system:coredns
# roleRef:
# apiGroup: rbac.authorization.k8s.io
# kind: ClusterRole
# name: system:coredns
# subjects:
# - kind: ServiceAccount
# name: coredns
# namespace: kube-system
I'm a kubernetes newbie. I'm not how much this affects things..
==> master: Configuring Kubernetes DNS... serviceaccount "coredns" created clusterrolebinding "system:coredns" created configmap "coredns" created deployment "coredns" created service "coredns" created Error from server (Forbidden): error when creating "temp/coredns-deployment.yaml": clusterroles.rbac.authorization.k8s.io "system:coredns" is forbidden: attempt to grant extra privileges: [PolicyRule{Resources:["endpoints"], APIGroups:[""], Verbs:["list"]} PolicyRule{Resources:["endpoints"], APIGroups:[""], Verbs:["watch"]} PolicyRule{Resources:["services"], APIGroups:[""], Verbs:["list"]} PolicyRule{Resources:["services"], APIGroups:[""], Verbs:["watch"]} PolicyRule{Resources:["pods"], APIGroups:[""], Verbs:["list"]} PolicyRule{Resources:["pods"], APIGroups:[""], Verbs:["watch"]} PolicyRule{Resources:["namespaces"], APIGroups:[""], Verbs:["list"]} PolicyRule{Resources:["namespaces"], APIGroups:[""], Verbs:["watch"]}] user=&{kube-admin [system:authenticated] map[]} ownerrules=[] ruleResolutionErrors=[]