client-go get configMap issue

I am trying to create a simple deployment on Kubernetes using client-go. Following the example, I am creating the inClusterConfig for the client. Also, I have created a role and a roleBinding for deployment SA to get, list and watch ConfigMap objects.

When using Client.Get(), I am getting: Get "https://10.96.0.1:443/api/v1/namespaces/default/configmaps": Access Denied

I tried to exec into the pod, and with curl https://10.96.0.1:443/api/v1/namespaces/default/configmaps with the token mounted in /var/run/secrets/..../token I was able to get the CM.

Any idea?

I have also created the corresponding role and rolebinding:

rules:
- apiGroups:
  - ""
  resources:
  - configmaps
  verbs:
  - get
  - list
  - watch

roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: got-dynamic-cm-reader-Role
subjects:
- kind: ServiceAccount
  name: got
  namespace: default


Solution 1:[1]

In the example that you have mentioned, the service account that has been created has only the cluster viewer role, which is insufficient if you are trying to create resources.

Try binding an admin role binding to the service account. But for production purposes, you should use a more granular approach to adding permissions to the service account.
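
A sketch of the more granular approach, added here as an example and not part of the original answer: a namespaced Role and RoleBinding that give the question's "got" ServiceAccount read access to ConfigMaps plus the ability to manage Deployments, instead of an admin binding. The object names got-deployer and got-deployer-binding and the choice of Deployment verbs are assumptions.

```yaml
# Added example: namespaced, least-privilege RBAC for the "got" ServiceAccount.
# Object names "got-deployer" and "got-deployer-binding" are hypothetical.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: got-deployer
  namespace: default
rules:
# Read-only access to ConfigMaps, matching the rules posted in the question.
- apiGroups: [""]
  resources: ["configmaps"]
  verbs: ["get", "list", "watch"]
# Assumption: the program manages Deployments in this namespace only.
# Deployments live in the "apps" API group, not the core ("") group.
- apiGroups: ["apps"]
  resources: ["deployments"]
  verbs: ["create", "get", "list", "watch", "update", "patch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: got-deployer-binding
  namespace: default
# A Role (not ClusterRole) keeps the grant scoped to the "default" namespace.
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: got-deployer
subjects:
- kind: ServiceAccount
  name: got
  namespace: default
```

After applying it, `kubectl auth can-i create deployments --as=system:serviceaccount:default:got -n default` should answer `yes`. The same check for `get secrets` should answer `no`, provided no other binding grants it.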

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Luminance