faas-netes: deploy fail on kubernetes: kubectl apply fail
Expected Behaviour
success deploy faas-netes on kubernetes following the deployment_k8s.md guide
Current Behaviour
deploy fail with below error message: `kubectl apply -f ./faas.yml,monitoring.yml,rbac.yml
service “faas-netesd” configured serviceaccount “faas-controller” configured deployment “faas-netesd” configured service “gateway” configured deployment “gateway” configured service “prometheus” configured deployment “prometheus” configured service “alertmanager” configured deployment “alertmanager” configured clusterrolebinding “faas-controller” configured Error from server (Forbidden): error when creating “rbac.yml”: clusterroles.rbac.authorization.k8s.io “faas-controller” is forbidden: attempt to grant extra privileges: [PolicyRule{Resources:[“services”], APIGroups:[“”], Verbs:[“get”]} PolicyRule{Resources:[“services”], APIGroups:[“”], Verbs:[“list”]} PolicyRule{Resources:[“services”], APIGroups:[“”], Verbs:[“watch”]} PolicyRule{Resources:[“services”], APIGroups:[“”], Verbs:[“create”]} PolicyRule{Resources:[“services”], APIGroups:[“”], Verbs:[“delete”]} PolicyRule{Resources:[“services”], APIGroups:[“”], Verbs:[“update”]} PolicyRule{Resources:[“deployments”], APIGroups:[“extensions”], Verbs:[“get”]} PolicyRule{Resources:[“deployments”], APIGroups:[“extensions”], Verbs:[“list”]} PolicyRule{Resources:[“deployments”], APIGroups:[“extensions”], Verbs:[“watch”]} PolicyRule{Resources:[“deployments”], APIGroups:[“extensions”], Verbs:[“create”]} PolicyRule{Resources:[“deployments”], APIGroups:[“extensions”], Verbs:[“delete”]} PolicyRule{Resources:[“deployments”], APIGroups:[“extensions”], Verbs:[“update”]}] user=&{rdtest@test.com.tw [system:authenticated] map[]} ownerrules=[PolicyRule{Resources:[“selfsubjectaccessreviews”], APIGroups:[“authorization.k8s.io”], Verbs:[“create”]} PolicyRule{NonResourceURLs:[“/api” “/api/" “/apis” "/apis/” “/healthz” “/swaggerapi” “/swaggerapi/*” “/version”], Verbs:[“get”]}] ruleResolutionErrors=[]`
Possible Solution
it’s similar like https://github.com/openfaas/faas-netes/issues/41. But I not use Helm and minikube
Steps to Reproduce (for bugs)
execute kubectl apply -f ./faas.yml,monitoring.yml,rbac.yml
Context
I have a image processing function want to use faas framework to triggered by my web service. But I stuck on deploy stage…The key error is: error when creating “rbac.yml”: clusterroles.rbac.authorization.k8s.io “faas-controller” is forbidden: attempt to grant extra privileges
I’m new in kubernetes. I’m not sure how to open the privileges on my kubernetes.
Your Environment
- Docker version
docker version(e.g. Docker 17.0.05 ): docker version Client: Version: 17.09.0-ce API version: 1.32 Go version: go1.8.3 Git commit: afdb6d4 Built: Tue Sep 26 22:40:09 2017 OS/Arch: darwin/amd64
Server: Version: 17.09.0-ce API version: 1.32 (minimum version 1.12) Go version: go1.8.3 Git commit: afdb6d4 Built: Tue Sep 26 22:45:38 2017 OS/Arch: linux/amd64 Experimental: true
- Are you using Docker Swarm or Kubernetes (FaaS-netes)? Kubernetes (FaaS-netes)
- Operating System and version (e.g. Linux, Windows, MacOS): MacOS 10.12.5
- Link to your project or a code example to reproduce issue:
About this issue
- Original URL
- State: closed
- Created 7 years ago
- Comments: 22 (12 by maintainers)
I just hit exactly this issue trying to apply the helm chart on minikube. Applying the ClusterRole from the YAML file @stefanprodan supplied in #74 fixed it i.e. I created a YAML file with that ClusterRole, applied that file and then the helm installation worked fine.
After I use helm to delete old service account. I can install it using Helm. But when I try to run the faas-cli sample, it says I not deploy Faas. the error is show below:
Error removing existing function: Delete http://localhost:8080/system/functions: dial tcp [::1]:8080: getsockopt: connection refused, gateway=http://localhost:8080, functionName=url-ping Is FaaS deployed? Do you need to specify the --gateway flag? Post http://localhost:8080/system/functions: dial tcp [::1]:8080: getsockopt: connection refused