This maybe helpful:
https://github.com/kubernetes/dashboard/wiki/Access-control
On Wed, Dec 20, 2017 at 11:59 PM, Itamar O <itamar...@gmail.com> wrote:
> Hi,
> I haven't used RBAC before - been using GKE with "legacy auth" since 1.5
> (which persisted throughout upgrades until 1.8 today, I guess).
> I'm now trying to create a new alpha cluster starting with 1.8.4-gke.1,
> and the dashboard appears to be unusable out of the box.
> When accessing the dashboard UI I get a bunch of errors of the form:
>
> {resource} is forbidden: User "system:serviceaccount:kube-system:default"
> cannot list {resource} in the namespace "default": Unknown user
> "system:serviceaccount:kube-system:default"
>
> (for many values of {resource}, such as "configmap", "pods",
> "deployments", etc.)
>
> I also can't list namespaces in the dashboard.
>
> I'm guessing I need to configure RBAC somehow to create the relevant users
> and assign them permissions,
> but I have no idea how to do that to make the dashboard happy again.
>
> Is this documented somewhere?
>
> Thanks,
> Itamar.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>
--
You received this message because you are subscribed to the Google Groups
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.
