Adding more info: I just did kubeadm reset and then kubeadm init again. Those went well, however issuing following throws error:
[root@vmdoccXXXX ~]# kubectl get namespaces Error from server (Forbidden): namespaces is forbidden: User "system:node: vmdoccXXXX.example.com" cannot list namespaces at the cluster scope On Tue, Mar 6, 2018 at 10:39 AM, alwin james <jamea...@gmail.com> wrote: > Thank You, MR for the reply. > > The goal here is to enable kubernetes dashboard. > > It looks like I am using 'system:node:' role and it is trying to touch > 'kube-system' namespace which it does not have enough privilege to. > What are the recommendations here? > > Do you recommend any good read that deals with editing/playing with RBAC? > Also, somewhere I found that messing with 'system:node:' is not > recommended. > > Regards, > Alwin > > > On Tue, Mar 6, 2018 at 12:43 AM, 'Matthias Rampke' via Kubernetes user > discussion and Q&A <kubernetes-users@googlegroups.com> wrote: > >> It looks like you're having permissions issues. Check your RBAC roles and >> bindings. Which credentials is kubectl using? What permissions do these >> have? >> >> (I'm afraid that's as far as I can help you, my knowledge here is hazy). >> >> /MR >> >> On Tue, Mar 6, 2018, 07:09 <jamea...@gmail.com> wrote: >> >>> >>> Hello, I am a newbie to Kubernetes world. >>> Am facing some issues with my cluster setup. >>> Getting below error while running: >>> >>> [root@vmdoccXXXX alwin]# kubectl apply -f https://docs.projectcalico.org >>> /v3.0/getting-started/kubernetes/installation/hosted/ >>> kubeadm/1.7/calico.yaml >>> Error from server (Forbidden): error when retrieving current >>> configuration of: >>> &{0xc420316300 0xc4201469a0 kube-system calico-config >>> https://docs.projectcalico.org/v3.0/getting-started/kubernet >>> es/installation/hosted/kubeadm/1.7/calico.yaml 0xc4212c6748 false} >>> from server for: "https://docs.projectcalico.or >>> g/v3.0/getting-started/kubernetes/installation/hosted/ >>> kubeadm/1.7/calico.yaml": configmaps "calico-config" is forbidden: User >>> "system:node:vmdoccXXXX.example.com" cannot get configmaps in the >>> namespace "kube-system": no path found to object >>> Error from server (Forbidden): error when retrieving current >>> configuration of: >>> &{0xc420316480 0xc4203bf180 kube-system calico-etcd >>> https://docs.projectcalico.org/v3.0/getting-started/kubernet >>> es/installation/hosted/kubeadm/1.7/calico.yaml 0xc422974078 false} >>> from server for: "https://docs.projectcalico.or >>> g/v3.0/getting-started/kubernetes/installation/hosted/ >>> kubeadm/1.7/calico.yaml": daemonsets.extensions "calico-etcd" is >>> forbidden: User "system:node:vmdoccXXXX.example.com" cannot get >>> daemonsets.extensions in the namespace "kube-system" >>> Error from server (Forbidden): error when creating " >>> https://docs.projectcalico.org/v3.0/getting-started/kuberne >>> tes/installation/hosted/kubeadm/1.7/calico.yaml": services is >>> forbidden: User "system:node:vmdoccXXXX.example.com" cannot create >>> services in the namespace "kube-system" >>> Error from server (Forbidden): error when retrieving current >>> configuration of: >>> &{0xc4200f6a80 0xc420208700 kube-system calico-node >>> https://docs.projectcalico.org/v3.0/getting-started/kubernet >>> es/installation/hosted/kubeadm/1.7/calico.yaml 0xc420d3a098 false} >>> from server for: "https://docs.projectcalico.or >>> g/v3.0/getting-started/kubernetes/installation/hosted/ >>> kubeadm/1.7/calico.yaml": daemonsets.extensions "calico-node" is >>> forbidden: User "system:node:vmdoccXXXX.example.com" cannot get >>> daemonsets.extensions in the namespace "kube-system" >>> Error from server (Forbidden): error when retrieving current >>> configuration of: >>> &{0xc4200f6e40 0xc4203e42a0 kube-system calico-kube-controllers >>> https://docs.projectcalico.org/v3.0/getting-started/kubernet >>> es/installation/hosted/kubeadm/1.7/calico.yaml 0xc420d3a148 false} >>> from server for: "https://docs.projectcalico.or >>> g/v3.0/getting-started/kubernetes/installation/hosted/ >>> kubeadm/1.7/calico.yaml": deployments.extensions >>> "calico-kube-controllers" is forbidden: User "system:node: >>> vmdoccXXXX.example.com" cannot get deployments.extensions in the >>> namespace "kube-system" >>> Error from server (Forbidden): error when retrieving current >>> configuration of: >>> &{0xc4200f7080 0xc420306d90 calico-cni-plugin >>> https://docs.projectcalico.org/v3.0/getting-started/kubernet >>> es/installation/hosted/kubeadm/1.7/calico.yaml 0xc420d3a1e0 false} >>> from server for: "https://docs.projectcalico.or >>> g/v3.0/getting-started/kubernetes/installation/hosted/ >>> kubeadm/1.7/calico.yaml": clusterrolebindings.rbac.authorization.k8s.io >>> "calico-cni-plugin" is forbidden: User "system:node:vmdoccXXXX.exampl >>> e.com" cannot get clusterrolebindings.rbac.authorization.k8s.io at the >>> cluster scope >>> Error from server (Forbidden): error when retrieving current >>> configuration of: >>> &{0xc4200f7140 0xc4205ba230 calico-cni-plugin >>> https://docs.projectcalico.org/v3.0/getting-started/kubernet >>> es/installation/hosted/kubeadm/1.7/calico.yaml 0xc420d3a298 false} >>> from server for: "https://docs.projectcalico.or >>> g/v3.0/getting-started/kubernetes/installation/hosted/ >>> kubeadm/1.7/calico.yaml": clusterroles.rbac.authorization.k8s.io >>> "calico-cni-plugin" is forbidden: User "system:node:vmdoccXXXX.exampl >>> e.com" cannot get clusterroles.rbac.authorization.k8s.io at the cluster >>> scope >>> Error from server (Forbidden): error when retrieving current >>> configuration of: >>> &{0xc4200f7200 0xc4205baee0 kube-system calico-cni-plugin >>> https://docs.projectcalico.org/v3.0/getting-started/kubernet >>> es/installation/hosted/kubeadm/1.7/calico.yaml 0xc420d3a320 false} >>> from server for: "https://docs.projectcalico.or >>> g/v3.0/getting-started/kubernetes/installation/hosted/ >>> kubeadm/1.7/calico.yaml": serviceaccounts "calico-cni-plugin" is >>> forbidden: User "system:node:vmdoccXXXX.example.com" cannot get >>> serviceaccounts in the namespace "kube-system" >>> Error from server (Forbidden): error when retrieving current >>> configuration of: >>> &{0xc4200f72c0 0xc4206203f0 calico-kube-controllers >>> https://docs.projectcalico.org/v3.0/getting-started/kubernet >>> es/installation/hosted/kubeadm/1.7/calico.yaml 0xc420d3a3a8 false} >>> from server for: "https://docs.projectcalico.or >>> g/v3.0/getting-started/kubernetes/installation/hosted/ >>> kubeadm/1.7/calico.yaml": clusterrolebindings.rbac.authorization.k8s.io >>> "calico-kube-controllers" is forbidden: User "system:node: >>> vmdoccXXXX.example.com" cannot get clusterrolebindings.rbac.autho >>> rization.k8s.io at the cluster scope >>> Error from server (Forbidden): error when retrieving current >>> configuration of: >>> &{0xc4200f7380 0xc420621b90 calico-kube-controllers >>> https://docs.projectcalico.org/v3.0/getting-started/kubernet >>> es/installation/hosted/kubeadm/1.7/calico.yaml 0xc420d3a450 false} >>> from server for: "https://docs.projectcalico.or >>> g/v3.0/getting-started/kubernetes/installation/hosted/ >>> kubeadm/1.7/calico.yaml": clusterroles.rbac.authorization.k8s.io >>> "calico-kube-controllers" is forbidden: User "system:node: >>> vmdoccXXXX.example.com" cannot get clusterroles.rbac.authorizatio >>> n.k8s.io at the cluster scope >>> Error from server (Forbidden): error when retrieving current >>> configuration of: >>> &{0xc4200f7440 0xc420c42770 kube-system calico-kube-controllers >>> https://docs.projectcalico.org/v3.0/getting-started/kubernet >>> es/installation/hosted/kubeadm/1.7/calico.yaml 0xc420d3a4c0 false} >>> from server for: "https://docs.projectcalico.or >>> g/v3.0/getting-started/kubernetes/installation/hosted/ >>> kubeadm/1.7/calico.yaml": serviceaccounts "calico-kube-controllers" is >>> forbidden: User "system:node:vmdoccXXXX.example.com" cannot get >>> serviceaccounts in the namespace "kube-system" >>> >>> >>> Seems like I am missing something. >>> Any help is much appreciated. :-) >>> >>> Regards, >>> Alwin >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "Kubernetes user discussion and Q&A" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to kubernetes-users+unsubscr...@googlegroups.com. >>> To post to this group, send email to kubernetes-users@googlegroups.com. >>> Visit this group at https://groups.google.com/group/kubernetes-users. >>> For more options, visit https://groups.google.com/d/optout. >>> >> -- >> You received this message because you are subscribed to a topic in the >> Google Groups "Kubernetes user discussion and Q&A" group. >> To unsubscribe from this topic, visit https://groups.google.com/d/to >> pic/kubernetes-users/UzOfzyW1WsA/unsubscribe. >> To unsubscribe from this group and all its topics, send an email to >> kubernetes-users+unsubscr...@googlegroups.com. >> To post to this group, send email to kubernetes-users@googlegroups.com. >> Visit this group at https://groups.google.com/group/kubernetes-users. >> For more options, visit https://groups.google.com/d/optout. >> > > -- You received this message because you are subscribed to the Google Groups "Kubernetes user discussion and Q&A" group. To unsubscribe from this group and stop receiving emails from it, send an email to kubernetes-users+unsubscr...@googlegroups.com. To post to this group, send email to kubernetes-users@googlegroups.com. Visit this group at https://groups.google.com/group/kubernetes-users. For more options, visit https://groups.google.com/d/optout.
