GKE clusterrolebinding for admin cluster does not work with permission error

I just created a new cluster using the Google Container Engine with Kubernetes 1.7.5 with new RBAC permissions. I ran into the issue of granting permissions for some of my services, which led me to the following:

The docs for using Container Engine with RBAC say that the user is given the ability to create authorization roles by running the following command:

kubectl create clusterrolebinding cluster-admin-binding --clusterrole=cluster-admin [--user=<user-name>] 

However, this fails due to the lack of permissions (which I would assume are the same permissions that we are trying to grant by executing the above command).

 Error from server (Forbidden): User "<user-name>" cannot create clusterrolebindings.rbac.authorization.k8s.io at the cluster scope.: "Required \"container.clusterRoleBindings.create\" permission." (post clusterrolebindings.rbac.authorization.k8s.io) 

Any help would be greatly appreciated as it blocks me from creating the permissions needed for my cluster services.

1 answer

If your kubeconfig was created automatically using gcloud, then your user is not the most powerful admin user - which you are trying to create a binding for.

Use gcloud container clusters describe on the cluster and find the password field.

Then do kubectl --username=admin --password=FROMABOVE create clusterrolebinding ...

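The answer's two steps combined into one shell function (an added example, not code from the original answer). The function names are hypothetical, the cluster name, zone and user are supplied by the caller, and the --format projection replaces reading the password field by eye.

```shell
#!/bin/sh
# Added example: not from the original answer. Function names are
# hypothetical; the binding name and role come from the question.

# Print the basic-auth password stored in the cluster's masterAuth block.
get_admin_password() {
    # $1 = cluster name, $2 = zone
    gcloud container clusters describe "$1" --zone "$2" \
        --format='value(masterAuth.password)'
}

# Create the cluster-admin binding for USER while authenticating as "admin".
bind_cluster_admin() {
    cluster=$1
    zone=$2
    user=$3
    if [ -z "$cluster" ] || [ -z "$zone" ] || [ -z "$user" ]; then
        echo "usage: bind_cluster_admin CLUSTER ZONE USER" >&2
        return 2
    fi

    pw=$(get_admin_password "$cluster" "$zone") || return 1
    if [ -z "$pw" ]; then
        # Nothing to authenticate with: describe returned no password.
        echo "no masterAuth.password returned for $cluster" >&2
        return 1
    fi

    # --password places the secret on kubectl's command line, where it is
    # visible in the process list and shell history; run this from a
    # trusted workstation, not a shared host or a logged CI job.
    kubectl --username=admin --password="$pw" \
        create clusterrolebinding cluster-admin-binding \
        --clusterrole=cluster-admin --user="$user"
}
```

Call it as bind_cluster_admin CLUSTER ZONE USER, where USER is the account named in the Forbidden error.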

Source: https://habr.com/ru/post/1271954/

