Dashboard: Unable to run Dashboard on Minikube with RBAC
Environment
Dashboard version: 1.8.2
Kubernetes version: 1.8.0
Operating system: Windows 10 (1709 16299.192)
Node.js version: v9.3.0
Go version: N/A
Steps to reproduce
- Launch minikube in RBAC mode
minikube start --extra-config=apiserver.Authorization.Mode=RBAC
- Deploy Dashboard
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kuberne
tes-dashboard.yaml
- Dashboard pod fails to deploy, verified with kubectl get pods --namespace=kube-system
PS C:\wip> kubectl get pods --namespace=kube-system
NAME READY STATUS RESTARTS AGE
kube-addon-manager-minikube 1/1 Running 0 1m
kube-dns-86f6f55dd5-fnqkr 2/3 Running 0 1m
kubernetes-dashboard-7rb4g 0/1 CrashLoopBackOff 3 1m
kubernetes-dashboard-c8b4bc89b-xwlg7 1/1 Running 0 10s
storage-provisioner 1/1 Running 0 1m
Observed result
Dashboard pod fails to deploy successfully.
Pod logs (via kubectl logs kubernetes-dashboard-7rb4g --namespace=kube-system)
2018/01/27 19:20:23 Synchronizer kubernetes-dashboard-key-holder-kube-system exited with error: kubernetes-dashboard-key-holder-kube-system watch ended with timeout
panic: secrets is forbidden: User "system:serviceaccount:kube-system:default" cannot create secrets in the namespace "kube-system"
goroutine 1 [running]:
github.com/kubernetes/dashboard/src/app/backend/auth/jwe.(*rsaKeyHolder).init(0xc4201d05e0)
/home/travis/build/kubernetes/dashboard/.tmp/backend/src/github.com/kubernetes/dashboard/src/app/backend/auth/jwe/keyholder.go:132 +0x2d3
github.com/kubernetes/dashboard/src/app/backend/auth/jwe.NewRSAKeyHolder(0x1a78da0, 0xc4203c7620, 0xc4203c7620, 0x1278920)
/home/travis/build/kubernetes/dashboard/.tmp/backend/src/github.com/kubernetes/dashboard/src/app/backend/auth/jwe/keyholder.go:171 +0x83
main.initAuthManager(0x1a77300, 0xc42014d1a0, 0x384, 0x1, 0x1)
/home/travis/build/kubernetes/dashboard/.tmp/backend/src/github.com/kubernetes/dashboard/src/app/backend/dashboard.go:160 +0x12f
main.main()
/home/travis/build/kubernetes/dashboard/.tmp/backend/src/github.com/kubernetes/dashboard/src/app/backend/dashboard.go:94 +0x27b
Expected result
Pods should deploy successfully.
Comments
Works successfully without RBAC (launching minikube with just 'minikube start').
Apologies if I've bungled anything. Working on learning K8s.
rayterrill
All 5 comments
I think that Dashboard deploy was not successful as error says that container is using system:serviceaccount:kube-system:default instead of kubernetes-dashboard SA.
floreks
on 27 Jan 2018
I saw that. Anything I can check to see why that would be happening? I can repeat this at will.
rayterrill
on 27 Jan 2018
Upgraded to minikube v0.25.0, and this is now working for me even in RBAC mode.
rayterrill
on 27 Jan 2018
Hi all,
I've upgraded to v0.25.2 but same error while run with this command minikube start --extra-config=apiserver.Authorization.Mode=RBAC
kube-system kube-addon-manager-minikube 1/1 Running 0 31m
kube-system kube-dns-54cccfbdf8-jpb7j 1/3 CrashLoopBackOff 18 31m
kube-system kubernetes-dashboard-77d8b98585-ts8r7 0/1 CrashLoopBackOff 10 31m
kube-system storage-provisioner 1/1 Running 0 31m
kube-system tiller-deploy-7bf964fff8-85srv 1/1 Running 0 12m
gokhandincer
on 30 Mar 2018
@gokhandincer solved this by using this:
kubectl create clusterrolebinding add-on-cluster-admin --clusterrole=cluster-admin --serviceaccount=kube-system:default
From this link: https://gist.github.com/F21/08bfc2e3592bed1e931ec40b8d2ab6f5
pplavetzki
on 4 Apr 2018
Related issues
Fohlen
路
4Comments
mhobotpplnet
路
3Comments
eloyekunle
路
3Comments
billcloud-me
路
5Comments
maciaszczykm
路
4Comments
Most helpful comment
@gokhandincer solved this by using this:
kubectl create clusterrolebinding add-on-cluster-admin --clusterrole=cluster-admin --serviceaccount=kube-system:defaultFrom this link: https://gist.github.com/F21/08bfc2e3592bed1e931ec40b8d2ab6f5