-
Notifications
You must be signed in to change notification settings - Fork 424
Error when applying manifest #118
Comments
Hey, it looks the permissions you have as user are not enough to apply the manifest as it is.
You would need something higher permissions as user, because promethus needs to scrape |
I'm having the same issue, although I don't understand this: |
I believe this actually has to do with the kubernetes version we were running on. It seems like after upgrading the issue with deploying disappeared. We're currently on v1.13.2 |
This message
means your current user (the one you are using to submit the manifest with kubectl) has fewer privileges than the Prometheus needs. For security reasons you can not give an app more privileges than the ones, you have as an user. |
When applying manifest it ends with this error:
Error from server (Forbidden): error when creating "manifests-all.yaml": clusterroles.rbac.authorization.k8s.io "prometheus" is forbidden: attempt to grant extra privileges: [PolicyRule{Resources:["nodes"], APIGroups:[""], Verbs:["get"]} PolicyRule{Resources:["nodes"], APIGroups:[""], Verbs:["list"]} PolicyRule{Resources:["nodes"], APIGroups:[""], Verbs:["watch"]} PolicyRule{Resources:["nodes/proxy"], APIGroups:[""], Verbs:["get"]} PolicyRule{Resources:["nodes/proxy"], APIGroups:[""], Verbs:["list"]} PolicyRule{Resources:["nodes/proxy"], APIGroups:[""], Verbs:["watch"]} PolicyRule{Resources:["services"], APIGroups:[""], Verbs:["get"]} PolicyRule{Resources:["services"], APIGroups:[""], Verbs:["list"]} PolicyRule{Resources:["services"], APIGroups:[""], Verbs:["watch"]} PolicyRule{Resources:["endpoints"], APIGroups:[""], Verbs:["get"]} PolicyRule{Resources:["endpoints"], APIGroups:[""], Verbs:["list"]} PolicyRule{Resources:["endpoints"], APIGroups:[""], Verbs:["watch"]} PolicyRule{Resources:["pods"], APIGroups:[""], Verbs:["get"]} PolicyRule{Resources:["pods"], APIGroups:[""], Verbs:["list"]} PolicyRule{Resources:["pods"], APIGroups:[""], Verbs:["watch"]} PolicyRule{Resources:["configmaps"], APIGroups:[""], Verbs:["get"]} PolicyRule{NonResourceURLs:["/metrics"], Verbs:["get"]}] user=&{server.domain.com [system:authenticated] map[]} ownerrules=[] ruleResolutionErrors=[]
This is the outcome from applying before the error occurs:
Kubernetes v1.9.6
The text was updated successfully, but these errors were encountered: