Flux: cannot patch secrets in the namespace kube-system
git clone https://github.com/weaveworks/flux
cd flux
kubectl apply -f deploy
...
kubectl logs -f flux-7b4dbb76d6-mg45j
ts=2019-01-16T12:56:39.059459979Z caller=main.go:153 version=1.9.0
ts=2019-01-16T12:56:39.136186881Z caller=main.go:237 err="secrets \"flux-git-deploy\" is forbidden: User \"system:serviceaccount:kube-system:flux\" cannot patch secrets in the namespace \"kube-system\""
dmitrievav
All 5 comments
Looks like your kubectl is set with kube-system as the default namespace. The deploy yamls only work when running Flux in the default namespace. Delete Flux from kube-system and install it with kubectl -n default apply -f deploy
stefanprodan
on 16 Jan 2019
Or: if you're applying the manifests in a namespace other than default, you'll need to edit this line: https://github.com/weaveworks/flux/blob/master/deploy/flux-account.yaml#L37 so that the ClusterRoleBinding refers to the right service account.
squaremo
on 16 Jan 2019
You are right. I was in kube-system by mistake ...
dmitrievav
on 16 Jan 2019
but with helm chart seems you create a flux namespace ... why don't do it by default without helm as well ?
dmitrievav
on 16 Jan 2019
You should be able to install the Helm chart in whichever namespace you want. The same is true of the example deployments, it just takes some manual work.
squaremo
on 16 Jan 2019
Related issues
phoppe93
路
4Comments
alejandrox1
路
3Comments
IsNull
路
4Comments
cloudpea
路
3Comments
eimarfandino
路
3Comments
Most helpful comment
Or: if you're applying the manifests in a namespace other than
default, you'll need to edit this line: https://github.com/weaveworks/flux/blob/master/deploy/flux-account.yaml#L37 so that the ClusterRoleBinding refers to the right service account.