Can't deploy to GKE by a specific linux user
Question
We have a Jenkins virtual machine on GCE which deals with deployments, including the ones we do to GKE. We've tried to deploy a project which we have not touched for some time. The deployment failed when calling
kubectl set image deployment my-deployment my-deployment=gcr.io/my-project/my-project:version-tag
getting this error:
Error from server (Forbidden): deployments.extensions "my-deployment" is forbidden: User "client" cannot get resource "deployments" in API group "extensions" in the namespace "default"
The weird thing is, if I log in to the machine, use my Linux user + my gcloud user, I can deploy fine. But when switching to the jenkins user using su - jenkins and then authorizing gcloud with my user I get this same error that our deploy account gets.
Please advise how to fix.
1 answers
solution1
1 2020-11-18 20:04:47
It seems related to cluster RBAC configurations. Did you enable the RBAC fo Google Groups ? In this case you should follow the instructions in the documentation above or disable it.
Otherwise, ss Raman Sailopal stated, you can try this:
- with your regular user run
kubectl config get-contextsto retrieve your current context - copy from
/home/Linux user/.kube/configto/home/jenkins/.kube/config - change user to jenkins and be sure you're using the same context by running
kubectl config get-contextsandkubectl config set-context ... - try your rights with:
# Check to see if I can create deployments in any namespace
kubectl auth can-i create deployments
# Check to see if I can list deployments in my current namespace
kubectl auth can-i list deployments.extensions
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.