Replies: 5 comments 3 replies
-
I'm seeing the same issue and I am using Traefik:
I tried adding a cluster role to deployment, however, this hasn't changed anything (I'm not super familiar with ClusterRole's though): ---
apiVersion: v1
kind: ServiceAccount
metadata:
name: homepage
namespace: homepage
labels:
app.kubernetes.io/name: homepage
secrets:
- name: homepage
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: homepage
labels:
app.kubernetes.io/name: homepage
rules:
- apiGroups: ["apiextensions.k8s.io"]
resources: ["customresourcedefinitions"] # also tried `customresourcedefinitions/status` and `customresourcedefinitions/*`
verbs: ["get", "watch", "list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: homepage
labels:
app.kubernetes.io/name: homepage
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: homepage
subjects:
- kind: ServiceAccount
name: homepage
namespace: homepage This is consumed in the RC spec: ---
apiVersion: apps/v1
kind: Deployment
metadata:
name: homepage
namespace: homepage
labels:
app.kubernetes.io/name: homepage
spec:
replicas: 1
template:
spec:
serviceAccountName: homepage |
Beta Was this translation helpful? Give feedback.
-
Can't we just disable the Traefik integration somehow? |
Beta Was this translation helpful? Give feedback.
-
I was getting this error as well when I was using the Kubernetes manifest files from the Kubernetes Installation guide, but not when I was using the helm chart. It appears the ClusterRole config is missing some entries that are present with the helm chart install. Here's the rules that I used and I now don't get this error in the logs. I am using Traefik as my default ingress controller. rules:
- apiGroups:
- ""
resources:
- namespaces
- pods
- nodes
verbs:
- get
- list
- apiGroups:
- extensions
- networking.k8s.io
resources:
- ingresses
verbs:
- get
- list
- apiGroups:
- traefik.containo.us
- traefik.io
resources:
- ingressroutes
verbs:
- get
- list
- apiGroups:
- metrics.k8s.io
resources:
- nodes
- pods
verbs:
- get
- list
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions/status
verbs:
- get |
Beta Was this translation helpful? Give feedback.
-
This discussion has been automatically closed due to inactivity. See our contributing guidelines for more details. |
Beta Was this translation helpful? Give feedback.
-
This discussion has been automatically locked since there has not been any recent activity after it was closed. Please open a new discussion for related concerns. See our contributing guidelines for more details. |
Beta Was this translation helpful? Give feedback.
-
I'm running homepage on K3s, using Nginx for ingress. I'm getting an error when i try to enable the kubernetes widget, which I assume is because I'm using Nginx, not Traefix. I've added the clusterbinding, service account, etc
Is there a way around this, or am I doomed to not see any metrics?
error: <service-helpers> Error checking if CRD ingressroutes.traefik.containo.us exists. Make sure to add the following permission to your RBAC: 403 customresourcedefinitions.apiextensions.k8s.io "ingressroutes.traefik.containo.us" is forbidden: User "system:serviceaccount:homepage:default" cannot get resource "customresourcedefinitions/status" in API group "apiextensions.k8s.io" at the cluster scope %s 2023-10-20T23:09:30.928405689Z [2023-10-20T23:09:30.928Z] error: <service-helpers> Error checking if CRD ingressroutes.traefik.io exists. Make sure to add the following permission to your RBAC: 403 customresourcedefinitions.apiextensions.k8s.io "ingressroutes.traefik.io" is forbidden: User "system:serviceaccount:homepage:default" cannot get resource "customresourcedefinitions/status" in API group "apiextensions.k8s.io" at the cluster scope %s
Beta Was this translation helpful? Give feedback.
All reactions