CODEWITHSUNDEEP
kubernetescontainersrbac
IAspireToBeGladOS
IAspireToBeGladOS

Reputation: 1484

Kubernetes RBAC permissions - unknown 'clusterrole' flag when attempting to grant permissions?

I am using the Mirantis kubeadm-dind-cluster repository (https://github.com/Mirantis/kubeadm-dind-cluster) as my Kubernetes install; I came across this error when attempting to run a container -

panic: customresourcedefinitions.apiextensions.k8s.io is forbidden: User "system:serviceaccount:default:default" cannot create customresourcedefinitions.apiextensions.k8s.io at the cluster scope

So I attempted to add cluster-admin permissions to my account:

kubectl create clusterrolebinding serviceaccounts-cluster-admin --clusterrole=cluster-admin  --group=system:serviceaccounts

And get the following error:

Error: unknown flag: --clusterrole

Why is this? How do I fix this or get around it? I'm not sure how to convert the command into a YAML file to "kubectl create -f" to but it seems like that might be the way to go.

All three nodes are on version 1.8.6.

Upvotes: 2

Views: 3888

Answers (1)

Jordan Liggitt
Jordan Liggitt

Reputation: 18111

What version of kubectl are you using? Be sure you are using a version that includes the kubectl create clusterrolebinding command

If your version of kubectl does not support that command, you can try creating it directly via a yaml file (though I'm not sure whether 1.5.x kubectl was happy submitting versions of API objects it didn't know about):

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: serviceaccounts-cluster-admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: Group
  name: system:serviceaccounts

Upvotes: 2

Related Questions