Flannel: clusterroles.rbac.authorization.k8s.io "flannel" is forbidden: User "system:node:test" cannot get resource "clusterroles" in API group "rbac.authorization.k8s.io" at the cluster scope

Created on 15 Feb 2019 · 12Comments · Source: coreos/flannel

Expected Behavior

kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
should work fine.

Current Behavior

~
root@test # kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
Error from server (Forbidden): error when retrieving current configuration of:
Resource: "rbac.authorization.k8s.io/v1beta1, Resource=clusterroles", GroupVersionKind: "rbac.authorization.k8s.io/v1beta1, Kind=ClusterRole"
Name: "flannel", Namespace: ""
Object: &{map["apiVersion":"rbac.authorization.k8s.io/v1beta1" "kind":"ClusterRole" "metadata":map["annotations":map["kubectl.kubernetes.io/last-applied-configuration":""] "name":"flannel"] "rules":[map["apiGroups":[""] "resources":["pods"] "verbs":["get"]] map["apiGroups":[""] "resources":["nodes"] "verbs":["list" "watch"]] map["apiGroups":[""] "resources":["nodes/status"] "verbs":["patch"]]]]}
from server for: "https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml": clusterroles.rbac.authorization.k8s.io "flannel" is forbidden: User "system:node:test" cannot get resource "clusterroles" in API group "rbac.authorization.k8s.io" at the cluster scope
Error from server (Forbidden): error when retrieving current configuration of:
Resource: "rbac.authorization.k8s.io/v1beta1, Resource=clusterrolebindings", GroupVersionKind: "rbac.authorization.k8s.io/v1beta1, Kind=ClusterRoleBinding"
Name: "flannel", Namespace: ""
Object: &{map["apiVersion":"rbac.authorization.k8s.io/v1beta1" "kind":"ClusterRoleBinding" "metadata":map["name":"flannel" "annotations":map["kubectl.kubernetes.io/last-applied-configuration":""]] "roleRef":map["apiGroup":"rbac.authorization.k8s.io" "kind":"ClusterRole" "name":"flannel"] "subjects":[map["kind":"ServiceAccount" "name":"flannel" "namespace":"kube-system"]]]}
from server for: "https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml": clusterrolebindings.rbac.authorization.k8s.io "flannel" is forbidden: User "system:node:test" cannot get resource "clusterrolebindings" in API group "rbac.authorization.k8s.io" at the cluster scope
Error from server (Forbidden): error when retrieving current configuration of:
Resource: "/v1, Resource=serviceaccounts", GroupVersionKind: "/v1, Kind=ServiceAccount"
Name: "flannel", Namespace: "kube-system"
Object: &{map["apiVersion":"v1" "kind":"ServiceAccount" "metadata":map["name":"flannel" "namespace":"kube-system" "annotations":map["kubectl.kubernetes.io/last-applied-configuration":""]]]}
from server for: "https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml": serviceaccounts "flannel" is forbidden: User "system:node:test" cannot get resource "serviceaccounts" in API group "" in the namespace "kube-system": can only create tokens for individual service accounts
Error from server (Forbidden): error when retrieving current configuration of:
Resource: "/v1, Resource=configmaps", GroupVersionKind: "/v1, Kind=ConfigMap"
Name: "kube-flannel-cfg", Namespace: "kube-system"
Object: &{map["apiVersion":"v1" "data":map["cni-conf.json":"{\n \"name\": \"cbr0\",\n \"plugins\": [\n {\n \"type\": \"flannel\",\n \"delegate\": {\n \"hairpinMode\": true,\n \"isDefaultGateway\": true\n }\n },\n {\n \"type\": \"portmap\",\n \"capabilities\": {\n \"portMappings\": true\n }\n }\n ]\n}\n" "net-conf.json":"{\n \"Network\": \"10.244.0.0/16\",\n \"Backend\": {\n \"Type\": \"vxlan\"\n }\n}\n"] "kind":"ConfigMap" "metadata":map["labels":map["app":"flannel" "tier":"node"] "name":"kube-flannel-cfg" "namespace":"kube-system" "annotations":map["kubectl.kubernetes.io/last-applied-configuration":""]]]}
from server for: "https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml": configmaps "kube-flannel-cfg" is forbidden: User "system:node:test" cannot get resource "configmaps" in API group "" in the namespace "kube-system": no path found to object
Error from server (Forbidden): error when retrieving current configuration of:
Resource: "extensions/v1beta1, Resource=daemonsets", GroupVersionKind: "extensions/v1beta1, Kind=DaemonSet"
Name: "kube-flannel-ds-amd64", Namespace: "kube-system"
Object: &{map["apiVersion":"extensions/v1beta1" "kind":"DaemonSet" "metadata":map["labels":map["app":"flannel" "tier":"node"] "name":"kube-flannel-ds-amd64" "namespace":"kube-system" "annotations":map["kubectl.kubernetes.io/last-applied-configuration":""]] "spec":map["template":map["spec":map["containers":[map["resources":map["limits":map["cpu":"100m" "memory":"50Mi"] "requests":map["cpu":"100m" "memory":"50Mi"]] "securityContext":map["privileged":%!q(bool=true)] "volumeMounts":[map["mountPath":"/run" "name":"run"] map["mountPath":"/etc/kube-flannel/" "name":"flannel-cfg"]] "args":["--ip-masq" "--kube-subnet-mgr"] "command":["/opt/bin/flanneld"] "env":[map["name":"POD_NAME" "valueFrom":map["fieldRef":map["fieldPath":"metadata.name"]]] map["name":"POD_NAMESPACE" "valueFrom":map["fieldRef":map["fieldPath":"metadata.namespace"]]]] "image":"quay.io/coreos/flannel:v0.11.0-amd64" "name":"kube-flannel"]] "hostNetwork":%!q(bool=true) "initContainers":[map["args":["-f" "/etc/kube-flannel/cni-conf.json" "/etc/cni/net.d/10-flannel.conflist"] "command":["cp"] "image":"quay.io/coreos/flannel:v0.11.0-amd64" "name":"install-cni" "volumeMounts":[map["mountPath":"/etc/cni/net.d" "name":"cni"] map["mountPath":"/etc/kube-flannel/" "name":"flannel-cfg"]]]] "nodeSelector":map["beta.kubernetes.io/arch":"amd64"] "serviceAccountName":"flannel" "tolerations":[map["effect":"NoSchedule" "operator":"Exists"]] "volumes":[map["hostPath":map["path":"/run"] "name":"run"] map["name":"cni" "hostPath":map["path":"/etc/cni/net.d"]] map["configMap":map["name":"kube-flannel-cfg"] "name":"flannel-cfg"]]] "metadata":map["labels":map["app":"flannel" "tier":"node"]]]]]}
from server for: "https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml": daemonsets.extensions "kube-flannel-ds-amd64" is forbidden: User "system:node:test" cannot get resource "daemonsets" in API group "extensions" in the namespace "kube-system"
Error from server (Forbidden): error when retrieving current configuration of:
Resource: "extensions/v1beta1, Resource=daemonsets", GroupVersionKind: "extensions/v1beta1, Kind=DaemonSet"
Name: "kube-flannel-ds-arm64", Namespace: "kube-system"
Object: &{map["spec":map["template":map["metadata":map["labels":map["app":"flannel" "tier":"node"]] "spec":map["hostNetwork":%!q(bool=true) "initContainers":[map["args":["-f" "/etc/kube-flannel/cni-conf.json" "/etc/cni/net.d/10-flannel.conflist"] "command":["cp"] "image":"quay.io/coreos/flannel:v0.11.0-arm64" "name":"install-cni" "volumeMounts":[map["mountPath":"/etc/cni/net.d" "name":"cni"] map["mountPath":"/etc/kube-flannel/" "name":"flannel-cfg"]]]] "nodeSelector":map["beta.kubernetes.io/arch":"arm64"] "serviceAccountName":"flannel" "tolerations":[map["effect":"NoSchedule" "operator":"Exists"]] "volumes":[map["name":"run" "hostPath":map["path":"/run"]] map["name":"cni" "hostPath":map["path":"/etc/cni/net.d"]] map["configMap":map["name":"kube-flannel-cfg"] "name":"flannel-cfg"]] "containers":[map["env":[map["name":"POD_NAME" "valueFrom":map["fieldRef":map["fieldPath":"metadata.name"]]] map["name":"POD_NAMESPACE" "valueFrom":map["fieldRef":map["fieldPath":"metadata.namespace"]]]] "image":"quay.io/coreos/flannel:v0.11.0-arm64" "name":"kube-flannel" "resources":map["limits":map["cpu":"100m" "memory":"50Mi"] "requests":map["cpu":"100m" "memory":"50Mi"]] "securityContext":map["privileged":%!q(bool=true)] "volumeMounts":[map["mountPath":"/run" "name":"run"] map["name":"flannel-cfg" "mountPath":"/etc/kube-flannel/"]] "args":["--ip-masq" "--kube-subnet-mgr"] "command":["/opt/bin/flanneld"]]]]]] "apiVersion":"extensions/v1beta1" "kind":"DaemonSet" "metadata":map["namespace":"kube-system" "annotations":map["kubectl.kubernetes.io/last-applied-configuration":""] "labels":map["app":"flannel" "tier":"node"] "name":"kube-flannel-ds-arm64"]]}
from server for: "https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml": daemonsets.extensions "kube-flannel-ds-arm64" is forbidden: User "system:node:test" cannot get resource "daemonsets" in API group "extensions" in the namespace "kube-system"
Error from server (Forbidden): error when retrieving current configuration of:
Resource: "extensions/v1beta1, Resource=daemonsets", GroupVersionKind: "extensions/v1beta1, Kind=DaemonSet"
Name: "kube-flannel-ds-arm", Namespace: "kube-system"
Object: &{map["apiVersion":"extensions/v1beta1" "kind":"DaemonSet" "metadata":map["labels":map["app":"flannel" "tier":"node"] "name":"kube-flannel-ds-arm" "namespace":"kube-system" "annotations":map["kubectl.kubernetes.io/last-applied-configuration":""]] "spec":map["template":map["metadata":map["labels":map["app":"flannel" "tier":"node"]] "spec":map["containers":[map["args":["--ip-masq" "--kube-subnet-mgr"] "command":["/opt/bin/flanneld"] "env":[map["name":"POD_NAME" "valueFrom":map["fieldRef":map["fieldPath":"metadata.name"]]] map["name":"POD_NAMESPACE" "valueFrom":map["fieldRef":map["fieldPath":"metadata.namespace"]]]] "image":"quay.io/coreos/flannel:v0.11.0-arm" "name":"kube-flannel" "resources":map["limits":map["cpu":"100m" "memory":"50Mi"] "requests":map["cpu":"100m" "memory":"50Mi"]] "securityContext":map["privileged":%!q(bool=true)] "volumeMounts":[map["mountPath":"/run" "name":"run"] map["mountPath":"/etc/kube-flannel/" "name":"flannel-cfg"]]]] "hostNetwork":%!q(bool=true) "initContainers":[map["args":["-f" "/etc/kube-flannel/cni-conf.json" "/etc/cni/net.d/10-flannel.conflist"] "command":["cp"] "image":"quay.io/coreos/flannel:v0.11.0-arm" "name":"install-cni" "volumeMounts":[map["mountPath":"/etc/cni/net.d" "name":"cni"] map["mountPath":"/etc/kube-flannel/" "name":"flannel-cfg"]]]] "nodeSelector":map["beta.kubernetes.io/arch":"arm"] "serviceAccountName":"flannel" "tolerations":[map["effect":"NoSchedule" "operator":"Exists"]] "volumes":[map["hostPath":map["path":"/run"] "name":"run"] map["hostPath":map["path":"/etc/cni/net.d"] "name":"cni"] map["configMap":map["name":"kube-flannel-cfg"] "name":"flannel-cfg"]]]]]]}
from server for: "https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml": daemonsets.extensions "kube-flannel-ds-arm" is forbidden: User "system:node:test" cannot get resource "daemonsets" in API group "extensions" in the namespace "kube-system"
Error from server (Forbidden): error when retrieving current configuration of:
Resource: "extensions/v1beta1, Resource=daemonsets", GroupVersionKind: "extensions/v1beta1, Kind=DaemonSet"
Name: "kube-flannel-ds-ppc64le", Namespace: "kube-system"
Object: &{map["apiVersion":"extensions/v1beta1" "kind":"DaemonSet" "metadata":map["labels":map["app":"flannel" "tier":"node"] "name":"kube-flannel-ds-ppc64le" "namespace":"kube-system" "annotations":map["kubectl.kubernetes.io/last-applied-configuration":""]] "spec":map["template":map["metadata":map["labels":map["app":"flannel" "tier":"node"]] "spec":map["tolerations":[map["effect":"NoSchedule" "operator":"Exists"]] "volumes":[map["hostPath":map["path":"/run"] "name":"run"] map["hostPath":map["path":"/etc/cni/net.d"] "name":"cni"] map["name":"flannel-cfg" "configMap":map["name":"kube-flannel-cfg"]]] "containers":[map["securityContext":map["privileged":%!q(bool=true)] "volumeMounts":[map["mountPath":"/run" "name":"run"] map["mountPath":"/etc/kube-flannel/" "name":"flannel-cfg"]] "args":["--ip-masq" "--kube-subnet-mgr"] "command":["/opt/bin/flanneld"] "env":[map["valueFrom":map["fieldRef":map["fieldPath":"metadata.name"]] "name":"POD_NAME"] map["name":"POD_NAMESPACE" "valueFrom":map["fieldRef":map["fieldPath":"metadata.namespace"]]]] "image":"quay.io/coreos/flannel:v0.11.0-ppc64le" "name":"kube-flannel" "resources":map["limits":map["memory":"50Mi" "cpu":"100m"] "requests":map["cpu":"100m" "memory":"50Mi"]]]] "hostNetwork":%!q(bool=true) "initContainers":[map["image":"quay.io/coreos/flannel:v0.11.0-ppc64le" "name":"install-cni" "volumeMounts":[map["mountPath":"/etc/cni/net.d" "name":"cni"] map["mountPath":"/etc/kube-flannel/" "name":"flannel-cfg"]] "args":["-f" "/etc/kube-flannel/cni-conf.json" "/etc/cni/net.d/10-flannel.conflist"] "command":["cp"]]] "nodeSelector":map["beta.kubernetes.io/arch":"ppc64le"] "serviceAccountName":"flannel"]]]]}
from server for: "https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml": daemonsets.extensions "kube-flannel-ds-ppc64le" is forbidden: User "system:node:test" cannot get resource "daemonsets" in API group "extensions" in the namespace "kube-system"
Error from server (Forbidden): error when retrieving current configuration of:
Resource: "extensions/v1beta1, Resource=daemonsets", GroupVersionKind: "extensions/v1beta1, Kind=DaemonSet"
Name: "kube-flannel-ds-s390x", Namespace: "kube-system"
Object: &{map["metadata":map["labels":map["app":"flannel" "tier":"node"] "name":"kube-flannel-ds-s390x" "namespace":"kube-system" "annotations":map["kubectl.kubernetes.io/last-applied-configuration":""]] "spec":map["template":map["metadata":map["labels":map["tier":"node" "app":"flannel"]] "spec":map["volumes":[map["hostPath":map["path":"/run"] "name":"run"] map["hostPath":map["path":"/etc/cni/net.d"] "name":"cni"] map["name":"flannel-cfg" "configMap":map["name":"kube-flannel-cfg"]]] "containers":[map["command":["/opt/bin/flanneld"] "env":[map["name":"POD_NAME" "valueFrom":map["fieldRef":map["fieldPath":"metadata.name"]]] map["name":"POD_NAMESPACE" "valueFrom":map["fieldRef":map["fieldPath":"metadata.namespace"]]]] "image":"quay.io/coreos/flannel:v0.11.0-s390x" "name":"kube-flannel" "resources":map["limits":map["cpu":"100m" "memory":"50Mi"] "requests":map["cpu":"100m" "memory":"50Mi"]] "securityContext":map["privileged":%!q(bool=true)] "volumeMounts":[map["mountPath":"/run" "name":"run"] map["mountPath":"/etc/kube-flannel/" "name":"flannel-cfg"]] "args":["--ip-masq" "--kube-subnet-mgr"]]] "hostNetwork":%!q(bool=true) "initContainers":[map["volumeMounts":[map["name":"cni" "mountPath":"/etc/cni/net.d"] map["mountPath":"/etc/kube-flannel/" "name":"flannel-cfg"]] "args":["-f" "/etc/kube-flannel/cni-conf.json" "/etc/cni/net.d/10-flannel.conflist"] "command":["cp"] "image":"quay.io/coreos/flannel:v0.11.0-s390x" "name":"install-cni"]] "nodeSelector":map["beta.kubernetes.io/arch":"s390x"] "serviceAccountName":"flannel" "tolerations":[map["effect":"NoSchedule" "operator":"Exists"]]]]] "apiVersion":"extensions/v1beta1" "kind":"DaemonSet"]}
from server for: "https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml": daemonsets.extensions "kube-flannel-ds-s390x" is forbidden: User "system:node:test" cannot get resource "daemonsets" in API group "extensions" in the namespace "kube-system"

Possible Solution

No solution on the internet

I have rebuild my 3 boxes to a clean OS, but the error still exist, the forbidden authorization setting are outside of my 3 local boxes?

Steps to Reproduce (for bugs)

I just follow these 2 docs:

https://www.howtoforge.com/tutorial/centos-kubernetes-docker-cluster/

https://www.linuxtechi.com/install-kubernetes-1-7-centos7-rhel7/

Context

I have rebuild my 3 boxes to a clean OS, but the error still exist, the forbidden authorization setting are outside of my 3 local boxes?

Your Environment

Flannel version:
Backend used (e.g. vxlan or udp):
Etcd version:
Kubernetes version (if used):

~
root@test  # rpm -qa|grep kube
kubernetes-cni-0.6.0-0.x86_64
kubectl-1.13.3-0.x86_64
kubeadm-1.13.3-0.x86_64
kubelet-1.13.3-0.x86_64

Operating System and version: CentOS Linux release 7.6.1810 (Core)
Link to your project (optional):

Source

xuefengedu

Most helpful comment

From @xuefengedu , i add sudo and the error is gone:

sudo kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/a70459be0084506e4ec919aa1c114638878db11b/Documentation/kube-flannel.yml

IceMimosa on 13 Mar 2019

👍5

All 12 comments

it seems a problem of RBAC which seems not setting in my cluster of 3 boxes.
need to investigate more, don't know the reason now.

xuefengedu on 18 Feb 2019

I am also getting the same error, is there any solution ?

Error from server (Forbidden): error when retrieving current configuration of:
Resource: "rbac.authorization.k8s.io/v1beta1, Resource=clusterroles", GroupVersionKind: "rbac.authorization.k8s.io/v1beta1, Kind=ClusterRole"
Name: "flannel", Namespace: ""
Object: &{map["rules":[map["verbs":["get"] "apiGroups":[""] "resources":["pods"]] map["apiGroups":[""] "resources":["nodes"] "verbs":["list" "watch"]] map["resources":["nodes/status"] "verbs":["patch"] "apiGroups":[""]]] "apiVersion":"rbac.authorization.k8s.io/v1beta1" "kind":"ClusterRole" "metadata":map["name":"flannel" "annotations":map["kubectl.kubernetes.io/last-applied-configuration":""]]]}
from server for: "https://raw.githubusercontent.com/coreos/flannel/a70459be0084506e4ec919aa1c114638878db11b/Documentation/kube-flannel.yml": clusterroles.rbac.authorization.k8s.io "flannel" is forbidden: User "system:node:k8s-master" cannot get resource "clusterroles" in API group "rbac.authorization.k8s.io" at the cluster scope
Error from server (Forbidden): error when retrieving current configuration of:
Resource: "rbac.authorization.k8s.io/v1beta1, Resource=clusterrolebindings", GroupVersionKind: "rbac.authorization.k8s.io/v1beta1, Kind=ClusterRoleBinding"
Name: "flannel", Namespace: ""
Object: &{map["apiVersion":"rbac.authorization.k8s.io/v1beta1" "kind":"ClusterRoleBinding" "metadata":map["name":"flannel" "annotations":map["kubectl.kubernetes.io/last-applied-configuration":""]] "roleRef":map["apiGroup":"rbac.authorization.k8s.io" "kind":"ClusterRole" "name":"flannel"] "subjects":[map["kind":"ServiceAccount" "name":"flannel" "namespace":"kube-system"]]]}
from server for: "https://raw.githubusercontent.com/coreos/flannel/a70459be0084506e4ec919aa1c114638878db11b/Documentation/kube-flannel.yml": clusterrolebindings.rbac.authorization.k8s.io "flannel" is forbidden: User "system:node:k8s-master" cannot get resource "clusterrolebindings" in API group "rbac.authorization.k8s.io" at the cluster scope
Error from server (Forbidden): error when retrieving current configuration of:
Resource: "/v1, Resource=serviceaccounts", GroupVersionKind: "/v1, Kind=ServiceAccount"
Name: "flannel", Namespace: "kube-system"
Object: &{map["metadata":map["name":"flannel" "namespace":"kube-system" "annotations":map["kubectl.kubernetes.io/last-applied-configuration":""]] "apiVersion":"v1" "kind":"ServiceAccount"]}
from server for: "https://raw.githubusercontent.com/coreos/flannel/a70459be0084506e4ec919aa1c114638878db11b/Documentation/kube-flannel.yml": serviceaccounts "flannel" is forbidden: User "system:node:k8s-master" cannot get resource "serviceaccounts" in API group "" in the namespace "kube-system": can only create tokens for individual service accounts
Error from server (Forbidden): error when retrieving current configuration of:
Resource: "/v1, Resource=configmaps", GroupVersionKind: "/v1, Kind=ConfigMap"
Name: "kube-flannel-cfg", Namespace: "kube-system"
Object: &{map["apiVersion":"v1" "data":map["cni-conf.json":"{\n \"name\": \"cbr0\",\n \"plugins\": [\n {\n \"type\": \"flannel\",\n \"delegate\": {\n \"hairpinMode\": true,\n \"isDefaultGateway\": true\n }\n },\n {\n \"type\": \"portmap\",\n \"capabilities\": {\n \"portMappings\": true\n }\n }\n ]\n}\n" "net-conf.json":"{\n \"Network\": \"10.244.0.0/16\",\n \"Backend\": {\n \"Type\": \"vxlan\"\n }\n}\n"] "kind":"ConfigMap" "metadata":map["name":"kube-flannel-cfg" "namespace":"kube-system" "annotations":map["kubectl.kubernetes.io/last-applied-configuration":""] "labels":map["app":"flannel" "tier":"node"]]]}
from server for: "https://raw.githubusercontent.com/coreos/flannel/a70459be0084506e4ec919aa1c114638878db11b/Documentation/kube-flannel.yml": configmaps "kube-flannel-cfg" is forbidden: User "system:node:k8s-master" cannot get resource "configmaps" in API group "" in the namespace "kube-system": no path found to object
Error from server (Forbidden): error when retrieving current configuration of:
Resource: "extensions/v1beta1, Resource=daemonsets", GroupVersionKind: "extensions/v1beta1, Kind=DaemonSet"
Name: "kube-flannel-ds-amd64", Namespace: "kube-system"
Object: &{map["apiVersion":"extensions/v1beta1" "kind":"DaemonSet" "metadata":map["labels":map["app":"flannel" "tier":"node"] "name":"kube-flannel-ds-amd64" "namespace":"kube-system" "annotations":map["kubectl.kubernetes.io/last-applied-configuration":""]] "spec":map["template":map["metadata":map["labels":map["app":"flannel" "tier":"node"]] "spec":map["hostNetwork":%!q(bool=true) "initContainers":[map["command":["cp"] "image":"quay.io/coreos/flannel:v0.11.0-amd64" "name":"install-cni" "volumeMounts":[map["mountPath":"/etc/cni/net.d" "name":"cni"] map["mountPath":"/etc/kube-flannel/" "name":"flannel-cfg"]] "args":["-f" "/etc/kube-flannel/cni-conf.json" "/etc/cni/net.d/10-flannel.conflist"]]] "nodeSelector":map["beta.kubernetes.io/arch":"amd64"] "serviceAccountName":"flannel" "tolerations":[map["effect":"NoSchedule" "operator":"Exists"]] "volumes":[map["hostPath":map["path":"/run"] "name":"run"] map["hostPath":map["path":"/etc/cni/net.d"] "name":"cni"] map["configMap":map["name":"kube-flannel-cfg"] "name":"flannel-cfg"]] "containers":[map["args":["--ip-masq" "--kube-subnet-mgr"] "command":["/opt/bin/flanneld"] "env":[map["name":"POD_NAME" "valueFrom":map["fieldRef":map["fieldPath":"metadata.name"]]] map["valueFrom":map["fieldRef":map["fieldPath":"metadata.namespace"]] "name":"POD_NAMESPACE"]] "image":"quay.io/coreos/flannel:v0.11.0-amd64" "name":"kube-flannel" "resources":map["limits":map["cpu":"100m" "memory":"50Mi"] "requests":map["cpu":"100m" "memory":"50Mi"]] "securityContext":map["privileged":%!q(bool=true)] "volumeMounts":[map["mountPath":"/run" "name":"run"] map["mountPath":"/etc/kube-flannel/" "name":"flannel-cfg"]]]]]]]]}
from server for: "https://raw.githubusercontent.com/coreos/flannel/a70459be0084506e4ec919aa1c114638878db11b/Documentation/kube-flannel.yml": daemonsets.extensions "kube-flannel-ds-amd64" is forbidden: User "system:node:k8s-master" cannot get resource "daemonsets" in API group "extensions" in the namespace "kube-system"
Error from server (Forbidden): error when retrieving current configuration of:
Resource: "extensions/v1beta1, Resource=daemonsets", GroupVersionKind: "extensions/v1beta1, Kind=DaemonSet"
Name: "kube-flannel-ds-arm64", Namespace: "kube-system"
Object: &{map["apiVersion":"extensions/v1beta1" "kind":"DaemonSet" "metadata":map["annotations":map["kubectl.kubernetes.io/last-applied-configuration":""] "labels":map["app":"flannel" "tier":"node"] "name":"kube-flannel-ds-arm64" "namespace":"kube-system"] "spec":map["template":map["metadata":map["labels":map["app":"flannel" "tier":"node"]] "spec":map["nodeSelector":map["beta.kubernetes.io/arch":"arm64"] "serviceAccountName":"flannel" "tolerations":[map["effect":"NoSchedule" "operator":"Exists"]] "volumes":[map["hostPath":map["path":"/run"] "name":"run"] map["hostPath":map["path":"/etc/cni/net.d"] "name":"cni"] map["configMap":map["name":"kube-flannel-cfg"] "name":"flannel-cfg"]] "containers":[map["command":["/opt/bin/flanneld"] "env":[map["name":"POD_NAME" "valueFrom":map["fieldRef":map["fieldPath":"metadata.name"]]] map["name":"POD_NAMESPACE" "valueFrom":map["fieldRef":map["fieldPath":"metadata.namespace"]]]] "image":"quay.io/coreos/flannel:v0.11.0-arm64" "name":"kube-flannel" "resources":map["limits":map["memory":"50Mi" "cpu":"100m"] "requests":map["cpu":"100m" "memory":"50Mi"]] "securityContext":map["privileged":%!q(bool=true)] "volumeMounts":[map["mountPath":"/run" "name":"run"] map["mountPath":"/etc/kube-flannel/" "name":"flannel-cfg"]] "args":["--ip-masq" "--kube-subnet-mgr"]]] "hostNetwork":%!q(bool=true) "initContainers":[map["args":["-f" "/etc/kube-flannel/cni-conf.json" "/etc/cni/net.d/10-flannel.conflist"] "command":["cp"] "image":"quay.io/coreos/flannel:v0.11.0-arm64" "name":"install-cni" "volumeMounts":[map["name":"cni" "mountPath":"/etc/cni/net.d"] map["mountPath":"/etc/kube-flannel/" "name":"flannel-cfg"]]]]]]]]}
from server for: "https://raw.githubusercontent.com/coreos/flannel/a70459be0084506e4ec919aa1c114638878db11b/Documentation/kube-flannel.yml": daemonsets.extensions "kube-flannel-ds-arm64" is forbidden: User "system:node:k8s-master" cannot get resource "daemonsets" in API group "extensions" in the namespace "kube-system"
Error from server (Forbidden): error when retrieving current configuration of:
Resource: "extensions/v1beta1, Resource=daemonsets", GroupVersionKind: "extensions/v1beta1, Kind=DaemonSet"
Name: "kube-flannel-ds-arm", Namespace: "kube-system"
Object: &{map["kind":"DaemonSet" "metadata":map["annotations":map["kubectl.kubernetes.io/last-applied-configuration":""] "labels":map["app":"flannel" "tier":"node"] "name":"kube-flannel-ds-arm" "namespace":"kube-system"] "spec":map["template":map["metadata":map["labels":map["app":"flannel" "tier":"node"]] "spec":map["volumes":[map["hostPath":map["path":"/run"] "name":"run"] map["hostPath":map["path":"/etc/cni/net.d"] "name":"cni"] map["name":"flannel-cfg" "configMap":map["name":"kube-flannel-cfg"]]] "containers":[map["securityContext":map["privileged":%!q(bool=true)] "volumeMounts":[map["mountPath":"/run" "name":"run"] map["mountPath":"/etc/kube-flannel/" "name":"flannel-cfg"]] "args":["--ip-masq" "--kube-subnet-mgr"] "command":["/opt/bin/flanneld"] "env":[map["valueFrom":map["fieldRef":map["fieldPath":"metadata.name"]] "name":"POD_NAME"] map["name":"POD_NAMESPACE" "valueFrom":map["fieldRef":map["fieldPath":"metadata.namespace"]]]] "image":"quay.io/coreos/flannel:v0.11.0-arm" "name":"kube-flannel" "resources":map["limits":map["cpu":"100m" "memory":"50Mi"] "requests":map["cpu":"100m" "memory":"50Mi"]]]] "hostNetwork":%!q(bool=true) "initContainers":[map["args":["-f" "/etc/kube-flannel/cni-conf.json" "/etc/cni/net.d/10-flannel.conflist"] "command":["cp"] "image":"quay.io/coreos/flannel:v0.11.0-arm" "name":"install-cni" "volumeMounts":[map["mountPath":"/etc/cni/net.d" "name":"cni"] map["mountPath":"/etc/kube-flannel/" "name":"flannel-cfg"]]]] "nodeSelector":map["beta.kubernetes.io/arch":"arm"] "serviceAccountName":"flannel" "tolerations":[map["effect":"NoSchedule" "operator":"Exists"]]]]] "apiVersion":"extensions/v1beta1"]}
from server for: "https://raw.githubusercontent.com/coreos/flannel/a70459be0084506e4ec919aa1c114638878db11b/Documentation/kube-flannel.yml": daemonsets.extensions "kube-flannel-ds-arm" is forbidden: User "system:node:k8s-master" cannot get resource "daemonsets" in API group "extensions" in the namespace "kube-system"
Error from server (Forbidden): error when retrieving current configuration of:
Resource: "extensions/v1beta1, Resource=daemonsets", GroupVersionKind: "extensions/v1beta1, Kind=DaemonSet"
Name: "kube-flannel-ds-ppc64le", Namespace: "kube-system"
Object: &{map["metadata":map["name":"kube-flannel-ds-ppc64le" "namespace":"kube-system" "annotations":map["kubectl.kubernetes.io/last-applied-configuration":""] "labels":map["app":"flannel" "tier":"node"]] "spec":map["template":map["spec":map["containers":[map["securityContext":map["privileged":%!q(bool=true)] "volumeMounts":[map["mountPath":"/run" "name":"run"] map["mountPath":"/etc/kube-flannel/" "name":"flannel-cfg"]] "args":["--ip-masq" "--kube-subnet-mgr"] "command":["/opt/bin/flanneld"] "env":[map["name":"POD_NAME" "valueFrom":map["fieldRef":map["fieldPath":"metadata.name"]]] map["name":"POD_NAMESPACE" "valueFrom":map["fieldRef":map["fieldPath":"metadata.namespace"]]]] "image":"quay.io/coreos/flannel:v0.11.0-ppc64le" "name":"kube-flannel" "resources":map["limits":map["cpu":"100m" "memory":"50Mi"] "requests":map["cpu":"100m" "memory":"50Mi"]]]] "hostNetwork":%!q(bool=true) "initContainers":[map["volumeMounts":[map["name":"cni" "mountPath":"/etc/cni/net.d"] map["mountPath":"/etc/kube-flannel/" "name":"flannel-cfg"]] "args":["-f" "/etc/kube-flannel/cni-conf.json" "/etc/cni/net.d/10-flannel.conflist"] "command":["cp"] "image":"quay.io/coreos/flannel:v0.11.0-ppc64le" "name":"install-cni"]] "nodeSelector":map["beta.kubernetes.io/arch":"ppc64le"] "serviceAccountName":"flannel" "tolerations":[map["effect":"NoSchedule" "operator":"Exists"]] "volumes":[map["hostPath":map["path":"/run"] "name":"run"] map["hostPath":map["path":"/etc/cni/net.d"] "name":"cni"] map["configMap":map["name":"kube-flannel-cfg"] "name":"flannel-cfg"]]] "metadata":map["labels":map["app":"flannel" "tier":"node"]]]] "apiVersion":"extensions/v1beta1" "kind":"DaemonSet"]}
from server for: "https://raw.githubusercontent.com/coreos/flannel/a70459be0084506e4ec919aa1c114638878db11b/Documentation/kube-flannel.yml": daemonsets.extensions "kube-flannel-ds-ppc64le" is forbidden: User "system:node:k8s-master" cannot get resource "daemonsets" in API group "extensions" in the namespace "kube-system"
Error from server (Forbidden): error when retrieving current configuration of:
Resource: "extensions/v1beta1, Resource=daemonsets", GroupVersionKind: "extensions/v1beta1, Kind=DaemonSet"
Name: "kube-flannel-ds-s390x", Namespace: "kube-system"
Object: &{map["apiVersion":"extensions/v1beta1" "kind":"DaemonSet" "metadata":map["labels":map["app":"flannel" "tier":"node"] "name":"kube-flannel-ds-s390x" "namespace":"kube-system" "annotations":map["kubectl.kubernetes.io/last-applied-configuration":""]] "spec":map["template":map["metadata":map["labels":map["app":"flannel" "tier":"node"]] "spec":map["volumes":[map["hostPath":map["path":"/run"] "name":"run"] map["name":"cni" "hostPath":map["path":"/etc/cni/net.d"]] map["configMap":map["name":"kube-flannel-cfg"] "name":"flannel-cfg"]] "containers":[map["args":["--ip-masq" "--kube-subnet-mgr"] "command":["/opt/bin/flanneld"] "env":[map["name":"POD_NAME" "valueFrom":map["fieldRef":map["fieldPath":"metadata.name"]]] map["name":"POD_NAMESPACE" "valueFrom":map["fieldRef":map["fieldPath":"metadata.namespace"]]]] "image":"quay.io/coreos/flannel:v0.11.0-s390x" "name":"kube-flannel" "resources":map["limits":map["cpu":"100m" "memory":"50Mi"] "requests":map["cpu":"100m" "memory":"50Mi"]] "securityContext":map["privileged":%!q(bool=true)] "volumeMounts":[map["mountPath":"/run" "name":"run"] map["mountPath":"/etc/kube-flannel/" "name":"flannel-cfg"]]]] "hostNetwork":%!q(bool=true) "initContainers":[map["volumeMounts":[map["name":"cni" "mountPath":"/etc/cni/net.d"] map["mountPath":"/etc/kube-flannel/" "name":"flannel-cfg"]] "args":["-f" "/etc/kube-flannel/cni-conf.json" "/etc/cni/net.d/10-flannel.conflist"] "command":["cp"] "image":"quay.io/coreos/flannel:v0.11.0-s390x" "name":"install-cni"]] "nodeSelector":map["beta.kubernetes.io/arch":"s390x"] "serviceAccountName":"flannel" "tolerations":[map["effect":"NoSchedule" "operator":"Exists"]]]]]]}
from server for: "https://raw.githubusercontent.com/coreos/flannel/a70459be0084506e4ec919aa1c114638878db11b/Documentation/kube-flannel.yml": daemonsets.extensions "kube-flannel-ds-s390x" is forbidden: User "system:node:k8s-master" cannot get resource "daemonsets" in API group "extensions" in the namespace "kube-system"
[root@k8s-master bin]#

[root@k8s-master bin]# kubectl version
Client Version: version.Info{Major:"1", Minor:"13", GitVersion:"v1.13.3", GitCommit:"721bfa751924da8d1680787490c54b9179b1fed0", GitTreeState:"clean", BuildDate:"2019-02-01T20:08:12Z", GoVersion:"go1.11.5", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"13", GitVersion:"v1.13.3", GitCommit:"721bfa751924da8d1680787490c54b9179b1fed0", GitTreeState:"clean", BuildDate:"2019-02-01T20:00:57Z", GoVersion:"go1.11.5", Compiler:"gc", Platform:"linux/amd64"}
[root@k8s-master bin]#
[root@k8s-master bin]#
[root@k8s-master bin]# uname -a
Linux k8s-master 3.10.0-862.14.4.el7.x86_64 #1 SMP Fri Sep 21 09:07:21 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
[root@k8s-master bin]#

unixetisalat on 21 Feb 2019

Fixed using kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/a70459be0084506e4ec919aa1c114638878db11b/Documentation/kube-flannel.yml, just share it.

xuefengedu on 21 Feb 2019

latest kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml seems has problem, I got above command from https://kubernetes.io/docs/setup/independent/create-cluster-kubeadm/ , and it works fine.

there are many difference changes: https://www.diffchecker.com/Fr9rkyny

xuefengedu on 21 Feb 2019

👍2

Tried both , but still getting the error.

[root@k8s-master rsd]# kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/a70459be0084506e4ec919aa1c114638878db11b/Documentation/kube-flannel.yml
Error from server (Forbidden): error when retrieving current configuration of:
Resource: "rbac.authorization.k8s.io/v1beta1, Resource=clusterroles", GroupVersionKind: "rbac.authorization.k8s.io/v1beta1, Kind=ClusterRole"
Name: "flannel", Namespace: ""
Object: &{map["apiVersion":"rbac.authorization.k8s.io/v1beta1" "kind":"ClusterRole" "metadata":map["name":"flannel" "annotations":map["kubectl.kubernetes.io/last-applied-configuration":""]] "rules":[map["apiGroups":[""] "resources":["pods"] "verbs":["get"]] map["apiGroups":[""] "resources":["nodes"] "verbs":["list" "watch"]] map["apiGroups":[""] "resources":["nodes/status"] "verbs":["patch"]]]]}
from server for: "https://raw.githubusercontent.com/coreos/flannel/a70459be0084506e4ec919aa1c114638878db11b/Documentation/kube-flannel.yml": clusterroles.rbac.authorization.k8s.io "flannel" is forbidden: User "system:node:k8s-master" cannot get resource "clusterroles" in API group "rbac.authorization.k8s.io" at the cluster scope
Error from server (Forbidden): error when retrieving current configuration of:
Resource: "rbac.authorization.k8s.io/v1beta1, Resource=clusterrolebindings", GroupVersionKind: "rbac.authorization.k8s.io/v1beta1, Kind=ClusterRoleBinding"
Name: "flannel", Namespace: ""
Object: &{map["metadata":map["name":"flannel" "annotations":map["kubectl.kubernetes.io/last-applied-configuration":""]] "roleRef":map["kind":"ClusterRole" "name":"flannel" "apiGroup":"rbac.authorization.k8s.io"] "subjects":[map["kind":"ServiceAccount" "name":"flannel" "namespace":"kube-system"]] "apiVersion":"rbac.authorization.k8s.io/v1beta1" "kind":"ClusterRoleBinding"]}
from server for: "https://raw.githubusercontent.com/coreos/flannel/a70459be0084506e4ec919aa1c114638878db11b/Documentation/kube-flannel.yml": clusterrolebindings.rbac.authorization.k8s.io "flannel" is forbidden: User "system:node:k8s-master" cannot get resource "clusterrolebindings" in API group "rbac.authorization.k8s.io" at the cluster scope
Error from server (Forbidden): error when retrieving current configuration of:
Resource: "/v1, Resource=serviceaccounts", GroupVersionKind: "/v1, Kind=ServiceAccount"
Name: "flannel", Namespace: "kube-system"
Object: &{map["apiVersion":"v1" "kind":"ServiceAccount" "metadata":map["annotations":map["kubectl.kubernetes.io/last-applied-configuration":""] "name":"flannel" "namespace":"kube-system"]]}
from server for: "https://raw.githubusercontent.com/coreos/flannel/a70459be0084506e4ec919aa1c114638878db11b/Documentation/kube-flannel.yml": serviceaccounts "flannel" is forbidden: User "system:node:k8s-master" cannot get resource "serviceaccounts" in API group "" in the namespace "kube-system": can only create tokens for individual service accounts
Error from server (Forbidden): error when retrieving current configuration of:
Resource: "/v1, Resource=configmaps", GroupVersionKind: "/v1, Kind=ConfigMap"
Name: "kube-flannel-cfg", Namespace: "kube-system"
Object: &{map["metadata":map["labels":map["tier":"node" "app":"flannel"] "name":"kube-flannel-cfg" "namespace":"kube-system" "annotations":map["kubectl.kubernetes.io/last-applied-configuration":""]] "apiVersion":"v1" "data":map["cni-conf.json":"{\n \"name\": \"cbr0\",\n \"plugins\": [\n {\n \"type\": \"flannel\",\n \"delegate\": {\n \"hairpinMode\": true,\n \"isDefaultGateway\": true\n }\n },\n {\n \"type\": \"portmap\",\n \"capabilities\": {\n \"portMappings\": true\n }\n }\n ]\n}\n" "net-conf.json":"{\n \"Network\": \"10.244.0.0/16\",\n \"Backend\": {\n \"Type\": \"vxlan\"\n }\n}\n"] "kind":"ConfigMap"]}
from server for: "https://raw.githubusercontent.com/coreos/flannel/a70459be0084506e4ec919aa1c114638878db11b/Documentation/kube-flannel.yml": configmaps "kube-flannel-cfg" is forbidden: User "system:node:k8s-master" cannot get resource "configmaps" in API group "" in the namespace "kube-system": no path found to object
Error from server (Forbidden): error when retrieving current configuration of:
Resource: "extensions/v1beta1, Resource=daemonsets", GroupVersionKind: "extensions/v1beta1, Kind=DaemonSet"
Name: "kube-flannel-ds-amd64", Namespace: "kube-system"
Object: &{map["metadata":map["labels":map["app":"flannel" "tier":"node"] "name":"kube-flannel-ds-amd64" "namespace":"kube-system" "annotations":map["kubectl.kubernetes.io/last-applied-configuration":""]] "spec":map["template":map["metadata":map["labels":map["app":"flannel" "tier":"node"]] "spec":map["initContainers":[map["command":["cp"] "image":"quay.io/coreos/flannel:v0.11.0-amd64" "name":"install-cni" "volumeMounts":[map["mountPath":"/etc/cni/net.d" "name":"cni"] map["mountPath":"/etc/kube-flannel/" "name":"flannel-cfg"]] "args":["-f" "/etc/kube-flannel/cni-conf.json" "/etc/cni/net.d/10-flannel.conflist"]]] "nodeSelector":map["beta.kubernetes.io/arch":"amd64"] "serviceAccountName":"flannel" "tolerations":[map["operator":"Exists" "effect":"NoSchedule"]] "volumes":[map["hostPath":map["path":"/run"] "name":"run"] map["hostPath":map["path":"/etc/cni/net.d"] "name":"cni"] map["configMap":map["name":"kube-flannel-cfg"] "name":"flannel-cfg"]] "containers":[map["image":"quay.io/coreos/flannel:v0.11.0-amd64" "name":"kube-flannel" "resources":map["limits":map["cpu":"100m" "memory":"50Mi"] "requests":map["memory":"50Mi" "cpu":"100m"]] "securityContext":map["privileged":%!q(bool=true)] "volumeMounts":[map["mountPath":"/run" "name":"run"] map["mountPath":"/etc/kube-flannel/" "name":"flannel-cfg"]] "args":["--ip-masq" "--kube-subnet-mgr"] "command":["/opt/bin/flanneld"] "env":[map["name":"POD_NAME" "valueFrom":map["fieldRef":map["fieldPath":"metadata.name"]]] map["name":"POD_NAMESPACE" "valueFrom":map["fieldRef":map["fieldPath":"metadata.namespace"]]]]]] "hostNetwork":%!q(bool=true)]]] "apiVersion":"extensions/v1beta1" "kind":"DaemonSet"]}
from server for: "https://raw.githubusercontent.com/coreos/flannel/a70459be0084506e4ec919aa1c114638878db11b/Documentation/kube-flannel.yml": daemonsets.extensions "kube-flannel-ds-amd64" is forbidden: User "system:node:k8s-master" cannot get resource "daemonsets" in API group "extensions" in the namespace "kube-system"
Error from server (Forbidden): error when retrieving current configuration of:
Resource: "extensions/v1beta1, Resource=daemonsets", GroupVersionKind: "extensions/v1beta1, Kind=DaemonSet"
Name: "kube-flannel-ds-arm64", Namespace: "kube-system"
Object: &{map["apiVersion":"extensions/v1beta1" "kind":"DaemonSet" "metadata":map["labels":map["app":"flannel" "tier":"node"] "name":"kube-flannel-ds-arm64" "namespace":"kube-system" "annotations":map["kubectl.kubernetes.io/last-applied-configuration":""]] "spec":map["template":map["metadata":map["labels":map["app":"flannel" "tier":"node"]] "spec":map["tolerations":[map["effect":"NoSchedule" "operator":"Exists"]] "volumes":[map["hostPath":map["path":"/run"] "name":"run"] map["hostPath":map["path":"/etc/cni/net.d"] "name":"cni"] map["configMap":map["name":"kube-flannel-cfg"] "name":"flannel-cfg"]] "containers":[map["securityContext":map["privileged":%!q(bool=true)] "volumeMounts":[map["mountPath":"/run" "name":"run"] map["mountPath":"/etc/kube-flannel/" "name":"flannel-cfg"]] "args":["--ip-masq" "--kube-subnet-mgr"] "command":["/opt/bin/flanneld"] "env":[map["name":"POD_NAME" "valueFrom":map["fieldRef":map["fieldPath":"metadata.name"]]] map["name":"POD_NAMESPACE" "valueFrom":map["fieldRef":map["fieldPath":"metadata.namespace"]]]] "image":"quay.io/coreos/flannel:v0.11.0-arm64" "name":"kube-flannel" "resources":map["limits":map["cpu":"100m" "memory":"50Mi"] "requests":map["cpu":"100m" "memory":"50Mi"]]]] "hostNetwork":%!q(bool=true) "initContainers":[map["command":["cp"] "image":"quay.io/coreos/flannel:v0.11.0-arm64" "name":"install-cni" "volumeMounts":[map["mountPath":"/etc/cni/net.d" "name":"cni"] map["mountPath":"/etc/kube-flannel/" "name":"flannel-cfg"]] "args":["-f" "/etc/kube-flannel/cni-conf.json" "/etc/cni/net.d/10-flannel.conflist"]]] "nodeSelector":map["beta.kubernetes.io/arch":"arm64"] "serviceAccountName":"flannel"]]]]}
from server for: "https://raw.githubusercontent.com/coreos/flannel/a70459be0084506e4ec919aa1c114638878db11b/Documentation/kube-flannel.yml": daemonsets.extensions "kube-flannel-ds-arm64" is forbidden: User "system:node:k8s-master" cannot get resource "daemonsets" in API group "extensions" in the namespace "kube-system"
Error from server (Forbidden): error when retrieving current configuration of:
Resource: "extensions/v1beta1, Resource=daemonsets", GroupVersionKind: "extensions/v1beta1, Kind=DaemonSet"
Name: "kube-flannel-ds-arm", Namespace: "kube-system"
Object: &{map["apiVersion":"extensions/v1beta1" "kind":"DaemonSet" "metadata":map["labels":map["app":"flannel" "tier":"node"] "name":"kube-flannel-ds-arm" "namespace":"kube-system" "annotations":map["kubectl.kubernetes.io/last-applied-configuration":""]] "spec":map["template":map["metadata":map["labels":map["app":"flannel" "tier":"node"]] "spec":map["containers":[map["command":["/opt/bin/flanneld"] "env":[map["name":"POD_NAME" "valueFrom":map["fieldRef":map["fieldPath":"metadata.name"]]] map["name":"POD_NAMESPACE" "valueFrom":map["fieldRef":map["fieldPath":"metadata.namespace"]]]] "image":"quay.io/coreos/flannel:v0.11.0-arm" "name":"kube-flannel" "resources":map["requests":map["cpu":"100m" "memory":"50Mi"] "limits":map["cpu":"100m" "memory":"50Mi"]] "securityContext":map["privileged":%!q(bool=true)] "volumeMounts":[map["mountPath":"/run" "name":"run"] map["mountPath":"/etc/kube-flannel/" "name":"flannel-cfg"]] "args":["--ip-masq" "--kube-subnet-mgr"]]] "hostNetwork":%!q(bool=true) "initContainers":[map["args":["-f" "/etc/kube-flannel/cni-conf.json" "/etc/cni/net.d/10-flannel.conflist"] "command":["cp"] "image":"quay.io/coreos/flannel:v0.11.0-arm" "name":"install-cni" "volumeMounts":[map["mountPath":"/etc/cni/net.d" "name":"cni"] map["mountPath":"/etc/kube-flannel/" "name":"flannel-cfg"]]]] "nodeSelector":map["beta.kubernetes.io/arch":"arm"] "serviceAccountName":"flannel" "tolerations":[map["effect":"NoSchedule" "operator":"Exists"]] "volumes":[map["hostPath":map["path":"/run"] "name":"run"] map["hostPath":map["path":"/etc/cni/net.d"] "name":"cni"] map["configMap":map["name":"kube-flannel-cfg"] "name":"flannel-cfg"]]]]]]}
from server for: "https://raw.githubusercontent.com/coreos/flannel/a70459be0084506e4ec919aa1c114638878db11b/Documentation/kube-flannel.yml": daemonsets.extensions "kube-flannel-ds-arm" is forbidden: User "system:node:k8s-master" cannot get resource "daemonsets" in API group "extensions" in the namespace "kube-system"
Error from server (Forbidden): error when retrieving current configuration of:
Resource: "extensions/v1beta1, Resource=daemonsets", GroupVersionKind: "extensions/v1beta1, Kind=DaemonSet"
Name: "kube-flannel-ds-ppc64le", Namespace: "kube-system"
Object: &{map["apiVersion":"extensions/v1beta1" "kind":"DaemonSet" "metadata":map["labels":map["app":"flannel" "tier":"node"] "name":"kube-flannel-ds-ppc64le" "namespace":"kube-system" "annotations":map["kubectl.kubernetes.io/last-applied-configuration":""]] "spec":map["template":map["metadata":map["labels":map["app":"flannel" "tier":"node"]] "spec":map["containers":[map["resources":map["requests":map["cpu":"100m" "memory":"50Mi"] "limits":map["cpu":"100m" "memory":"50Mi"]] "securityContext":map["privileged":%!q(bool=true)] "volumeMounts":[map["mountPath":"/run" "name":"run"] map["name":"flannel-cfg" "mountPath":"/etc/kube-flannel/"]] "args":["--ip-masq" "--kube-subnet-mgr"] "command":["/opt/bin/flanneld"] "env":[map["name":"POD_NAME" "valueFrom":map["fieldRef":map["fieldPath":"metadata.name"]]] map["name":"POD_NAMESPACE" "valueFrom":map["fieldRef":map["fieldPath":"metadata.namespace"]]]] "image":"quay.io/coreos/flannel:v0.11.0-ppc64le" "name":"kube-flannel"]] "hostNetwork":%!q(bool=true) "initContainers":[map["args":["-f" "/etc/kube-flannel/cni-conf.json" "/etc/cni/net.d/10-flannel.conflist"] "command":["cp"] "image":"quay.io/coreos/flannel:v0.11.0-ppc64le" "name":"install-cni" "volumeMounts":[map["mountPath":"/etc/cni/net.d" "name":"cni"] map["mountPath":"/etc/kube-flannel/" "name":"flannel-cfg"]]]] "nodeSelector":map["beta.kubernetes.io/arch":"ppc64le"] "serviceAccountName":"flannel" "tolerations":[map["effect":"NoSchedule" "operator":"Exists"]] "volumes":[map["hostPath":map["path":"/run"] "name":"run"] map["hostPath":map["path":"/etc/cni/net.d"] "name":"cni"] map["configMap":map["name":"kube-flannel-cfg"] "name":"flannel-cfg"]]]]]]}
from server for: "https://raw.githubusercontent.com/coreos/flannel/a70459be0084506e4ec919aa1c114638878db11b/Documentation/kube-flannel.yml": daemonsets.extensions "kube-flannel-ds-ppc64le" is forbidden: User "system:node:k8s-master" cannot get resource "daemonsets" in API group "extensions" in the namespace "kube-system"
Error from server (Forbidden): error when retrieving current configuration of:
Resource: "extensions/v1beta1, Resource=daemonsets", GroupVersionKind: "extensions/v1beta1, Kind=DaemonSet"
Name: "kube-flannel-ds-s390x", Namespace: "kube-system"
Object: &{map["apiVersion":"extensions/v1beta1" "kind":"DaemonSet" "metadata":map["labels":map["app":"flannel" "tier":"node"] "name":"kube-flannel-ds-s390x" "namespace":"kube-system" "annotations":map["kubectl.kubernetes.io/last-applied-configuration":""]] "spec":map["template":map["metadata":map["labels":map["app":"flannel" "tier":"node"]] "spec":map["containers":[map["volumeMounts":[map["mountPath":"/run" "name":"run"] map["mountPath":"/etc/kube-flannel/" "name":"flannel-cfg"]] "args":["--ip-masq" "--kube-subnet-mgr"] "command":["/opt/bin/flanneld"] "env":[map["name":"POD_NAME" "valueFrom":map["fieldRef":map["fieldPath":"metadata.name"]]] map["name":"POD_NAMESPACE" "valueFrom":map["fieldRef":map["fieldPath":"metadata.namespace"]]]] "image":"quay.io/coreos/flannel:v0.11.0-s390x" "name":"kube-flannel" "resources":map["limits":map["cpu":"100m" "memory":"50Mi"] "requests":map["cpu":"100m" "memory":"50Mi"]] "securityContext":map["privileged":%!q(bool=true)]]] "hostNetwork":%!q(bool=true) "initContainers":[map["name":"install-cni" "volumeMounts":[map["mountPath":"/etc/cni/net.d" "name":"cni"] map["mountPath":"/etc/kube-flannel/" "name":"flannel-cfg"]] "args":["-f" "/etc/kube-flannel/cni-conf.json" "/etc/cni/net.d/10-flannel.conflist"] "command":["cp"] "image":"quay.io/coreos/flannel:v0.11.0-s390x"]] "nodeSelector":map["beta.kubernetes.io/arch":"s390x"] "serviceAccountName":"flannel" "tolerations":[map["effect":"NoSchedule" "operator":"Exists"]] "volumes":[map["name":"run" "hostPath":map["path":"/run"]] map["hostPath":map["path":"/etc/cni/net.d"] "name":"cni"] map["configMap":map["name":"kube-flannel-cfg"] "name":"flannel-cfg"]]]]]]}
from server for: "https://raw.githubusercontent.com/coreos/flannel/a70459be0084506e4ec919aa1c114638878db11b/Documentation/kube-flannel.yml": daemonsets.extensions "kube-flannel-ds-s390x" is forbidden: User "system:node:k8s-master" cannot get resource "daemonsets" in API group "extensions" in the namespace "kube-system"
[root@k8s-master rsd]#

[root@k8s-master rsd]# kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
Error from server (Forbidden): error when retrieving current configuration of:
Resource: "extensions/v1beta1, Resource=podsecuritypolicies", GroupVersionKind: "extensions/v1beta1, Kind=PodSecurityPolicy"
Name: "psp.flannel.unprivileged", Namespace: ""
Object: &{map["apiVersion":"extensions/v1beta1" "kind":"PodSecurityPolicy" "metadata":map["annotations":map["apparmor.security.beta.kubernetes.io/allowedProfileNames":"runtime/default" "apparmor.security.beta.kubernetes.io/defaultProfileName":"runtime/default" "seccomp.security.alpha.kubernetes.io/allowedProfileNames":"docker/default" "seccomp.security.alpha.kubernetes.io/defaultProfileName":"docker/default" "kubectl.kubernetes.io/last-applied-configuration":""] "name":"psp.flannel.unprivileged"] "spec":map["hostNetwork":%!q(bool=true) "privileged":%!q(bool=false) "readOnlyRootFilesystem":%!q(bool=false) "allowPrivilegeEscalation":%!q(bool=false) "defaultAddCapabilities":[] "defaultAllowPrivilegeEscalation":%!q(bool=false) "fsGroup":map["rule":"RunAsAny"] "hostIPC":%!q(bool=false) "hostPorts":[map["max":'\uffff' "min":'\x00']] "hostPID":%!q(bool=false) "requiredDropCapabilities":[] "supplementalGroups":map["rule":"RunAsAny"] "seLinux":map["rule":"RunAsAny"] "volumes":["configMap" "secret" "emptyDir" "hostPath"] "allowedCapabilities":["NET_ADMIN"] "allowedHostPaths":[map["pathPrefix":"/etc/cni/net.d"] map["pathPrefix":"/etc/kube-flannel"] map["pathPrefix":"/run/flannel"]] "runAsUser":map["rule":"RunAsAny"]]]}
from server for: "https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml": podsecuritypolicies.extensions "psp.flannel.unprivileged" is forbidden: User "system:node:k8s-master" cannot get resource "podsecuritypolicies" in API group "extensions" at the cluster scope
Error from server (Forbidden): error when retrieving current configuration of:
Resource: "rbac.authorization.k8s.io/v1beta1, Resource=clusterroles", GroupVersionKind: "rbac.authorization.k8s.io/v1beta1, Kind=ClusterRole"
Name: "flannel", Namespace: ""
Object: &{map["kind":"ClusterRole" "metadata":map["name":"flannel" "annotations":map["kubectl.kubernetes.io/last-applied-configuration":""]] "rules":[map["verbs":["use"] "apiGroups":["extensions"] "resourceNames":["psp.flannel.unprivileged"] "resources":["podsecuritypolicies"]] map["apiGroups":[""] "resources":["pods"] "verbs":["get"]] map["resources":["nodes"] "verbs":["list" "watch"] "apiGroups":[""]] map["verbs":["patch"] "apiGroups":[""] "resources":["nodes/status"]]] "apiVersion":"rbac.authorization.k8s.io/v1beta1"]}
from server for: "https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml": clusterroles.rbac.authorization.k8s.io "flannel" is forbidden: User "system:node:k8s-master" cannot get resource "clusterroles" in API group "rbac.authorization.k8s.io" at the cluster scope
Error from server (Forbidden): error when retrieving current configuration of:
Resource: "rbac.authorization.k8s.io/v1beta1, Resource=clusterrolebindings", GroupVersionKind: "rbac.authorization.k8s.io/v1beta1, Kind=ClusterRoleBinding"
Name: "flannel", Namespace: ""
Object: &{map["apiVersion":"rbac.authorization.k8s.io/v1beta1" "kind":"ClusterRoleBinding" "metadata":map["name":"flannel" "annotations":map["kubectl.kubernetes.io/last-applied-configuration":""]] "roleRef":map["apiGroup":"rbac.authorization.k8s.io" "kind":"ClusterRole" "name":"flannel"] "subjects":[map["kind":"ServiceAccount" "name":"flannel" "namespace":"kube-system"]]]}
from server for: "https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml": clusterrolebindings.rbac.authorization.k8s.io "flannel" is forbidden: User "system:node:k8s-master" cannot get resource "clusterrolebindings" in API group "rbac.authorization.k8s.io" at the cluster scope
Error from server (Forbidden): error when retrieving current configuration of:
Resource: "/v1, Resource=serviceaccounts", GroupVersionKind: "/v1, Kind=ServiceAccount"
Name: "flannel", Namespace: "kube-system"
Object: &{map["metadata":map["name":"flannel" "namespace":"kube-system" "annotations":map["kubectl.kubernetes.io/last-applied-configuration":""]] "apiVersion":"v1" "kind":"ServiceAccount"]}
from server for: "https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml": serviceaccounts "flannel" is forbidden: User "system:node:k8s-master" cannot get resource "serviceaccounts" in API group "" in the namespace "kube-system": can only create tokens for individual service accounts
Error from server (Forbidden): error when retrieving current configuration of:
Resource: "/v1, Resource=configmaps", GroupVersionKind: "/v1, Kind=ConfigMap"
Name: "kube-flannel-cfg", Namespace: "kube-system"
Object: &{map["apiVersion":"v1" "data":map["cni-conf.json":"{\n \"name\": \"cbr0\",\n \"plugins\": [\n {\n \"type\": \"flannel\",\n \"delegate\": {\n \"hairpinMode\": true,\n \"isDefaultGateway\": true\n }\n },\n {\n \"type\": \"portmap\",\n \"capabilities\": {\n \"portMappings\": true\n }\n }\n ]\n}\n" "net-conf.json":"{\n \"Network\": \"10.244.0.0/16\",\n \"Backend\": {\n \"Type\": \"vxlan\"\n }\n}\n"] "kind":"ConfigMap" "metadata":map["annotations":map["kubectl.kubernetes.io/last-applied-configuration":""] "labels":map["app":"flannel" "tier":"node"] "name":"kube-flannel-cfg" "namespace":"kube-system"]]}
from server for: "https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml": configmaps "kube-flannel-cfg" is forbidden: User "system:node:k8s-master" cannot get resource "configmaps" in API group "" in the namespace "kube-system": no path found to object
Error from server (Forbidden): error when retrieving current configuration of:
Resource: "extensions/v1beta1, Resource=daemonsets", GroupVersionKind: "extensions/v1beta1, Kind=DaemonSet"
Name: "kube-flannel-ds-amd64", Namespace: "kube-system"
Object: &{map["kind":"DaemonSet" "metadata":map["labels":map["app":"flannel" "tier":"node"] "name":"kube-flannel-ds-amd64" "namespace":"kube-system" "annotations":map["kubectl.kubernetes.io/last-applied-configuration":""]] "spec":map["template":map["metadata":map["labels":map["app":"flannel" "tier":"node"]] "spec":map["volumes":[map["hostPath":map["path":"/run/flannel"] "name":"run"] map["hostPath":map["path":"/etc/cni/net.d"] "name":"cni"] map["configMap":map["name":"kube-flannel-cfg"] "name":"flannel-cfg"]] "containers":[map["volumeMounts":[map["mountPath":"/run/flannel" "name":"run"] map["mountPath":"/etc/kube-flannel/" "name":"flannel-cfg"]] "args":["--ip-masq" "--kube-subnet-mgr"] "command":["/opt/bin/flanneld"] "env":[map["name":"POD_NAME" "valueFrom":map["fieldRef":map["fieldPath":"metadata.name"]]] map["name":"POD_NAMESPACE" "valueFrom":map["fieldRef":map["fieldPath":"metadata.namespace"]]]] "image":"quay.io/coreos/flannel:v0.11.0-amd64" "name":"kube-flannel" "resources":map["limits":map["cpu":"100m" "memory":"50Mi"] "requests":map["cpu":"100m" "memory":"50Mi"]] "securityContext":map["capabilities":map["add":["NET_ADMIN"]] "privileged":%!q(bool=false)]]] "hostNetwork":%!q(bool=true) "initContainers":[map["args":["-f" "/etc/kube-flannel/cni-conf.json" "/etc/cni/net.d/10-flannel.conflist"] "command":["cp"] "image":"quay.io/coreos/flannel:v0.11.0-amd64" "name":"install-cni" "volumeMounts":[map["mountPath":"/etc/cni/net.d" "name":"cni"] map["name":"flannel-cfg" "mountPath":"/etc/kube-flannel/"]]]] "nodeSelector":map["beta.kubernetes.io/arch":"amd64"] "serviceAccountName":"flannel" "tolerations":[map["effect":"NoSchedule" "operator":"Exists"]]]]] "apiVersion":"extensions/v1beta1"]}
from server for: "https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml": daemonsets.extensions "kube-flannel-ds-amd64" is forbidden: User "system:node:k8s-master" cannot get resource "daemonsets" in API group "extensions" in the namespace "kube-system"
Error from server (Forbidden): error when retrieving current configuration of:
Resource: "extensions/v1beta1, Resource=daemonsets", GroupVersionKind: "extensions/v1beta1, Kind=DaemonSet"
Name: "kube-flannel-ds-arm64", Namespace: "kube-system"
Object: &{map["apiVersion":"extensions/v1beta1" "kind":"DaemonSet" "metadata":map["labels":map["app":"flannel" "tier":"node"] "name":"kube-flannel-ds-arm64" "namespace":"kube-system" "annotations":map["kubectl.kubernetes.io/last-applied-configuration":""]] "spec":map["template":map["spec":map["initContainers":[map["args":["-f" "/etc/kube-flannel/cni-conf.json" "/etc/cni/net.d/10-flannel.conflist"] "command":["cp"] "image":"quay.io/coreos/flannel:v0.11.0-arm64" "name":"install-cni" "volumeMounts":[map["name":"cni" "mountPath":"/etc/cni/net.d"] map["mountPath":"/etc/kube-flannel/" "name":"flannel-cfg"]]]] "nodeSelector":map["beta.kubernetes.io/arch":"arm64"] "serviceAccountName":"flannel" "tolerations":[map["effect":"NoSchedule" "operator":"Exists"]] "volumes":[map["hostPath":map["path":"/run/flannel"] "name":"run"] map["hostPath":map["path":"/etc/cni/net.d"] "name":"cni"] map["configMap":map["name":"kube-flannel-cfg"] "name":"flannel-cfg"]] "containers":[map["args":["--ip-masq" "--kube-subnet-mgr"] "command":["/opt/bin/flanneld"] "env":[map["name":"POD_NAME" "valueFrom":map["fieldRef":map["fieldPath":"metadata.name"]]] map["name":"POD_NAMESPACE" "valueFrom":map["fieldRef":map["fieldPath":"metadata.namespace"]]]] "image":"quay.io/coreos/flannel:v0.11.0-arm64" "name":"kube-flannel" "resources":map["limits":map["cpu":"100m" "memory":"50Mi"] "requests":map["cpu":"100m" "memory":"50Mi"]] "securityContext":map["capabilities":map["add":["NET_ADMIN"]] "privileged":%!q(bool=false)] "volumeMounts":[map["mountPath":"/run/flannel" "name":"run"] map["mountPath":"/etc/kube-flannel/" "name":"flannel-cfg"]]]] "hostNetwork":%!q(bool=true)] "metadata":map["labels":map["app":"flannel" "tier":"node"]]]]]}
from server for: "https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml": daemonsets.extensions "kube-flannel-ds-arm64" is forbidden: User "system:node:k8s-master" cannot get resource "daemonsets" in API group "extensions" in the namespace "kube-system"
Error from server (Forbidden): error when retrieving current configuration of:
Resource: "extensions/v1beta1, Resource=daemonsets", GroupVersionKind: "extensions/v1beta1, Kind=DaemonSet"
Name: "kube-flannel-ds-arm", Namespace: "kube-system"
Object: &{map["apiVersion":"extensions/v1beta1" "kind":"DaemonSet" "metadata":map["labels":map["app":"flannel" "tier":"node"] "name":"kube-flannel-ds-arm" "namespace":"kube-system" "annotations":map["kubectl.kubernetes.io/last-applied-configuration":""]] "spec":map["template":map["spec":map["serviceAccountName":"flannel" "tolerations":[map["effect":"NoSchedule" "operator":"Exists"]] "volumes":[map["hostPath":map["path":"/run/flannel"] "name":"run"] map["hostPath":map["path":"/etc/cni/net.d"] "name":"cni"] map["configMap":map["name":"kube-flannel-cfg"] "name":"flannel-cfg"]] "containers":[map["image":"quay.io/coreos/flannel:v0.11.0-arm" "name":"kube-flannel" "resources":map["limits":map["cpu":"100m" "memory":"50Mi"] "requests":map["cpu":"100m" "memory":"50Mi"]] "securityContext":map["capabilities":map["add":["NET_ADMIN"]] "privileged":%!q(bool=false)] "volumeMounts":[map["mountPath":"/run/flannel" "name":"run"] map["name":"flannel-cfg" "mountPath":"/etc/kube-flannel/"]] "args":["--ip-masq" "--kube-subnet-mgr"] "command":["/opt/bin/flanneld"] "env":[map["name":"POD_NAME" "valueFrom":map["fieldRef":map["fieldPath":"metadata.name"]]] map["name":"POD_NAMESPACE" "valueFrom":map["fieldRef":map["fieldPath":"metadata.namespace"]]]]]] "hostNetwork":%!q(bool=true) "initContainers":[map["args":["-f" "/etc/kube-flannel/cni-conf.json" "/etc/cni/net.d/10-flannel.conflist"] "command":["cp"] "image":"quay.io/coreos/flannel:v0.11.0-arm" "name":"install-cni" "volumeMounts":[map["name":"cni" "mountPath":"/etc/cni/net.d"] map["mountPath":"/etc/kube-flannel/" "name":"flannel-cfg"]]]] "nodeSelector":map["beta.kubernetes.io/arch":"arm"]] "metadata":map["labels":map["app":"flannel" "tier":"node"]]]]]}
from server for: "https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml": daemonsets.extensions "kube-flannel-ds-arm" is forbidden: User "system:node:k8s-master" cannot get resource "daemonsets" in API group "extensions" in the namespace "kube-system"
Error from server (Forbidden): error when retrieving current configuration of:
Resource: "extensions/v1beta1, Resource=daemonsets", GroupVersionKind: "extensions/v1beta1, Kind=DaemonSet"
Name: "kube-flannel-ds-ppc64le", Namespace: "kube-system"
Object: &{map["spec":map["template":map["metadata":map["labels":map["app":"flannel" "tier":"node"]] "spec":map["containers":[map["args":["--ip-masq" "--kube-subnet-mgr"] "command":["/opt/bin/flanneld"] "env":[map["name":"POD_NAME" "valueFrom":map["fieldRef":map["fieldPath":"metadata.name"]]] map["name":"POD_NAMESPACE" "valueFrom":map["fieldRef":map["fieldPath":"metadata.namespace"]]]] "image":"quay.io/coreos/flannel:v0.11.0-ppc64le" "name":"kube-flannel" "resources":map["limits":map["cpu":"100m" "memory":"50Mi"] "requests":map["cpu":"100m" "memory":"50Mi"]] "securityContext":map["capabilities":map["add":["NET_ADMIN"]] "privileged":%!q(bool=false)] "volumeMounts":[map["mountPath":"/run/flannel" "name":"run"] map["mountPath":"/etc/kube-flannel/" "name":"flannel-cfg"]]]] "hostNetwork":%!q(bool=true) "initContainers":[map["args":["-f" "/etc/kube-flannel/cni-conf.json" "/etc/cni/net.d/10-flannel.conflist"] "command":["cp"] "image":"quay.io/coreos/flannel:v0.11.0-ppc64le" "name":"install-cni" "volumeMounts":[map["name":"cni" "mountPath":"/etc/cni/net.d"] map["mountPath":"/etc/kube-flannel/" "name":"flannel-cfg"]]]] "nodeSelector":map["beta.kubernetes.io/arch":"ppc64le"] "serviceAccountName":"flannel" "tolerations":[map["operator":"Exists" "effect":"NoSchedule"]] "volumes":[map["hostPath":map["path":"/run/flannel"] "name":"run"] map["hostPath":map["path":"/etc/cni/net.d"] "name":"cni"] map["configMap":map["name":"kube-flannel-cfg"] "name":"flannel-cfg"]]]]] "apiVersion":"extensions/v1beta1" "kind":"DaemonSet" "metadata":map["labels":map["app":"flannel" "tier":"node"] "name":"kube-flannel-ds-ppc64le" "namespace":"kube-system" "annotations":map["kubectl.kubernetes.io/last-applied-configuration":""]]]}
from server for: "https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml": daemonsets.extensions "kube-flannel-ds-ppc64le" is forbidden: User "system:node:k8s-master" cannot get resource "daemonsets" in API group "extensions" in the namespace "kube-system"
Error from server (Forbidden): error when retrieving current configuration of:
Resource: "extensions/v1beta1, Resource=daemonsets", GroupVersionKind: "extensions/v1beta1, Kind=DaemonSet"
Name: "kube-flannel-ds-s390x", Namespace: "kube-system"
Object: &{map["spec":map["template":map["metadata":map["labels":map["app":"flannel" "tier":"node"]] "spec":map["volumes":[map["hostPath":map["path":"/run/flannel"] "name":"run"] map["hostPath":map["path":"/etc/cni/net.d"] "name":"cni"] map["configMap":map["name":"kube-flannel-cfg"] "name":"flannel-cfg"]] "containers":[map["args":["--ip-masq" "--kube-subnet-mgr"] "command":["/opt/bin/flanneld"] "env":[map["name":"POD_NAME" "valueFrom":map["fieldRef":map["fieldPath":"metadata.name"]]] map["name":"POD_NAMESPACE" "valueFrom":map["fieldRef":map["fieldPath":"metadata.namespace"]]]] "image":"quay.io/coreos/flannel:v0.11.0-s390x" "name":"kube-flannel" "resources":map["limits":map["memory":"50Mi" "cpu":"100m"] "requests":map["cpu":"100m" "memory":"50Mi"]] "securityContext":map["capabilities":map["add":["NET_ADMIN"]] "privileged":%!q(bool=false)] "volumeMounts":[map["name":"run" "mountPath":"/run/flannel"] map["mountPath":"/etc/kube-flannel/" "name":"flannel-cfg"]]]] "hostNetwork":%!q(bool=true) "initContainers":[map["command":["cp"] "image":"quay.io/coreos/flannel:v0.11.0-s390x" "name":"install-cni" "volumeMounts":[map["mountPath":"/etc/cni/net.d" "name":"cni"] map["mountPath":"/etc/kube-flannel/" "name":"flannel-cfg"]] "args":["-f" "/etc/kube-flannel/cni-conf.json" "/etc/cni/net.d/10-flannel.conflist"]]] "nodeSelector":map["beta.kubernetes.io/arch":"s390x"] "serviceAccountName":"flannel" "tolerations":[map["effect":"NoSchedule" "operator":"Exists"]]]]] "apiVersion":"extensions/v1beta1" "kind":"DaemonSet" "metadata":map["name":"kube-flannel-ds-s390x" "namespace":"kube-system" "annotations":map["kubectl.kubernetes.io/last-applied-configuration":""] "labels":map["app":"flannel" "tier":"node"]]]}
from server for: "https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml": daemonsets.extensions "kube-flannel-ds-s390x" is forbidden: User "system:node:k8s-master" cannot get resource "daemonsets" in API group "extensions" in the namespace "kube-system"
[root@k8s-master rsd]#

unixetisalat on 24 Feb 2019

I also don't know the real reason, but it seems there is some setting outside my cluster affected the resource RBAC.

xuefengedu on 25 Feb 2019

The master kube-flannel.yml works for me (version 1.13.3) . May I know what version of kubernetes are you using?
There is known backward in-compatibility with versions prior to 1.9.8, for which you should use https://github.com/coreos/flannel/blob/master/Documentation/kube-flannel-old.yaml

rajatchopra on 25 Feb 2019

I also see this from above comments:

User "system:node:test" cannot get resource "clusterroles" in API group "rbac.authorization.k8s.io" at the cluster scope..

Can you convey the output of kubectl config current-context? It could just be the wrong context when you are running the 'create -f' command.

rajatchopra on 25 Feb 2019

mine works fine now:kubernetes-admin@kubernetes, but it seems @unixetisalat still has issue.

xuefengedu on 26 Feb 2019

@rajatchopra iam using 1.13.3.

[root@k8master ~]# kubectl config current-context
system:node:k8master@kubernetes
[root@k8master ~]#

[root@k8master ~]# kubectl version
Client Version: version.Info{Major:"1", Minor:"13", GitVersion:"v1.13.0", GitCommit:"ddf47ac13c1a9483ea035a79cd7c10005ff21a6d", GitTreeState:"clean", BuildDate:"2018-12-03T21:04:45Z", GoVersion:"go1.11.2", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"13", GitVersion:"v1.13.3", GitCommit:"721bfa751924da8d1680787490c54b9179b1fed0", GitTreeState:"clean", BuildDate:"2019-02-01T20:00:57Z", GoVersion:"go1.11.5", Compiler:"gc", Platform:"linux/amd64"}
[root@k8master ~]#

unixetisalat on 27 Feb 2019

@rajatchopra

Getting below error as well.

[root@k8master ~]# kubectl taint nodes --all node-role.kubernetes.io/master-
Error from server (Forbidden): nodes "k8master" is forbidden: node "k8master" cannot modify taints
[root@k8master ~]#

unixetisalat on 27 Feb 2019

From @xuefengedu , i add sudo and the error is gone:

sudo kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/a70459be0084506e4ec919aa1c114638878db11b/Documentation/kube-flannel.yml

IceMimosa on 13 Mar 2019

👍5

Was this page helpful?

0 / 5 - 0 ratings

Related issues

*: add IPv6 support

Nurza · 31Comments

Could not find valid interface on windows

devenfan · 13Comments

L3 miss and Route not found loop

cpg1111 · 26Comments

Flannel + etcdv3?

bhouse · 19Comments

AWS VPC limits curb scalability of aws-vpc backend

rohansingh · 9Comments