Alex Luis Arias

Reputation: 1394

Kubernetes 403: Cannot patch pods in the namespace

While trying to deploy a pod that utilizes the go-micro framework I received the following error:

2018/12/27 23:04:51 K8s: request failed with code 403
2018/12/27 23:04:51 K8s: request failed with body:
2018/12/27 23:04:51 {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"pods \"user-5676b5696-jspp5\" is forbidden: User \"system:serviceaccount:default:default\" cannot patch pods in the namespace \"default\"","reason":"Forbidden","details":{"name":"user-5676b5696-jspp5","kind":"pods"},"code":403}
2018/12/27 23:04:51 K8s: error

It seems like go-micro doesn't have the necessary permissions to patch pods from within a pod.

Upvotes: 0

Views: 1437

Answers (1)

Alex Luis Arias

Reputation: 1394

The issue was resolved by creating a cluster role binding that enables the correct permissions:

apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: micro-rbac
subjects:
  - kind: ServiceAccount
    # Reference to upper's `metadata.name`
    name: default
    # Reference to upper's `metadata.namespace`
    namespace: default
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io

Upvotes: 1
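An added example, not part of the original answer: a namespaced Role and RoleBinding that grant only the pod access named in the 403, as a narrower alternative to binding `cluster-admin` to the namespace's default service account. The names `micro-registry` and `micro-registry-pods` are hypothetical, and the `get`, `list` and `watch` verbs are an assumption about what the go-micro registry needs beyond the `patch` verb shown in the error.

```yaml
# Dedicated identity for the go-micro pods (hypothetical name), so the
# shared "default" service account in the namespace gains no extra rights.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: micro-registry
  namespace: default
---
# Namespaced Role: pods only, and only inside the "default" namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: micro-registry-pods
  namespace: default
rules:
  - apiGroups: [""]        # core API group, where pods live
    resources: ["pods"]
    # "patch" is the verb the 403 reported as denied. get/list/watch are
    # assumed for service discovery; drop any the workload does not use.
    verbs: ["get", "list", "watch", "patch"]
---
# Bind the Role to the dedicated service account in the same namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: micro-registry-pods
  namespace: default
subjects:
  - kind: ServiceAccount
    name: micro-registry
    namespace: default
roleRef:
  kind: Role
  name: micro-registry-pods
  apiGroup: rbac.authorization.k8s.io
# The workload's pod template must set:
#   spec.serviceAccountName: micro-registry
```

Once applied, `kubectl auth can-i patch pods -n default --as=system:serviceaccount:default:micro-registry` checks the grant, and the same command with `delete` in place of `patch` checks that nothing broader was given.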
