Can’t add a Google Kubernetes cluster to Spinnaker


#1

We have a Spinnaker Google Kubernetes deployment to which we would like to add a Google Kubernetes Cluster to. I’m following the steps listed in the following doc to add a K8 cluster.

During several attempts, we receive the following error with no idea how to get past this. Any help would be appreciated. Thank you.

! ERROR Unexpected exception:
io.fabric8.kubernetes.client.KubernetesClientException: Failure executing: POST
at: https://xxxxxxxx/api/v1/namespaces. Message: Forbidden! User
spin-deploy7 doesn’t have permission. namespaces is
forbidden: User “system:serviceaccount:default:spinnaker-service-account” cannot
create namespaces at the cluster scope: Unknown user
“system:serviceaccount:default:spinnaker-service-account”.


#2

We seem to be completely stuck on this. We can’t carry forward. Any help would be appreciated.


#3

This will completely solve this issue , its an RBAC where you need to allow so that that user can get acces to the cluster . I too was stuck on this issue ,

kubectl create clusterrolebinding cluster-system-anonymous --clusterrole=cluster-admin --user=system:anonymous


#4

@AdheipSingh Thank you for your reply. However, in my situation I’m attempting to add a deploy KGE cluster to be managed by Spinnaker. Your role binding command to allow access would resolve the error, but Hal would end up deploying Spinnaker to what was intended to be a Spinnaker deploy KGE cluster. It turned out that the RBAC related doc is misleading. The Hal configuration below (from the RBAC instructions) sets the deploy cluster to be a Spinnaker cluster where in fact it should not be executed (omitted as a step) as the correct Spinnaker cluster account is already set in the configs.
hal config deploy edit \ --account-name my-test-account \ --type distributed


#5

@alex25555 , seems you want to deploy a GKE cluster using spinnaker , right ?


#6

We were attempting to add a GKE Cluster to deploy to using an existing Spinnaker installation.