Configuring RBAC for kubernetes

Question

I used the following guide to set up my chaostoolkit cluster: https://chaostoolkit.org/deployment/k8s/operator/

I am attempting to kill a pod using kubernetes, however the following error:

HTTP response body: {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"pods is forbidden: User \"system:serviceaccount:chaostoolkit-run:chaostoolkit-b3af262edb\" cannot list resource \"pods\" in API group \"\" in the namespace \"task-dispatcher\"","reason":"Forbidden","details":{"kind":"pods"},"code":403}

I set my serviceAccountName to an RBAC that I created but for some reason my kubernetes defaults to "system:serviceaccount:chaostoolkit-run:chaostoolkit-b3af262edb".

apiVersion: v1
kind: ConfigMap
metadata:
  name: my-chaos-exp
  namespace: chaostoolkit-run
data:
  experiment.yaml: | 
    ---
    version: 1.0.0
    title: Terminate Pod Experiment
    description: If a pod gets terminated, a new one should be created in its place in a reasonable amount of time.
    tags: ["kubernetes"]
    secrets: 
      k8s:
        KUBERNETES_CONTEXT: "docker-desktop"
    method:
    - type: action
      name: terminate-k8s-pod
      provider:
        type: python
        module: chaosk8s.pod.actions
        func: terminate_pods
        arguments:
          label_selector: ''
          name_pattern: my-release-rabbitmq-[0-9]$
          rand: true
          ns: default
---
apiVersion: chaostoolkit.org/v1
kind: ChaosToolkitExperiment
metadata:
  name: my-chaos-exp
  namespace: chaostoolkit-crd
spec:
  serviceAccountName: test-user
  automountServiceAccountToken: false
  pod:
    image: chaostoolkit/chaostoolkit:full
    imagePullPolicy: IfNotPresent
    experiment:
      configMapName: my-chaos-exp
      configMapExperimentFileName: experiment.yaml
  restartPolicy: Never

Configuring RBAC for kubernetes

Answers (1)

Related Questions