Kubernetes: Unable to get services in namespace: logs"system:serviceaccount:default:default"

0 votes
Forbidden!Configured service account doesn't have access. Service account may have been revoked. User "system:serviceaccount:default:default" cannot get services in the namespace "mycomp-services-process"

I created a new namespace called "mycomp-service-process" and checked the issue but again it shows a message like this:

Message: Forbidden!Configured service account doesn't have access. Service account may have been revoked. User "system:serviceaccount:mycomp-services-process:default" cannot get services in the namespace "mycomp-services-process"
Oct 26, 2018 in Kubernetes by Damon Salvatore
• 5,510 points
894 views

1 answer to this question.

0 votes

Your approach is wrong here. Namespace is not the issue. Here the first error is that of the srviceaccount in the default namespace is unable to get the services. You should assign a role to that user using clusterrolebinding.

Using min. privileges, create a role to access and list services:

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  namespace: default
  name: service-reader
rules:
- apiGroups: [""] # "" indicates the core API group
  resources: ["services"]
  verbs: ["get", "watch", "list"]

This will create a clusterrole which can list, get and watch services. Now you can use this clusterrole to create a clusterrolebinding:

kubectl create clusterrolebinding service-reader-pod \
  --clusterrole=service-reader  \
  --serviceaccount=default:default

Here the service-reader-pod is the name of clusterrolebinding and it assigns the service-reader clusterrole to the default serviceaccount in default namespace. Follow similar steps to rectify your second error.

In this case I created clusterrole and clusterrolebinding but you might want to create a roleand rolebinding instead. You can check the documentation in detail here

answered Oct 26, 2018 by ajs3033
• 7,280 points

Related Questions In Kubernetes

0 votes
1 answer

unable to start Kubernetes due to so many open files in system

You can try the following steps: You can ...READ MORE

answered May 1, 2018 in Kubernetes by shubham
• 6,890 points
244 views
0 votes
1 answer

Unable to get cgroup stats for docker and kubelet services

Try and start kubelet with the following ...READ MORE

answered Sep 3, 2018 in Kubernetes by DareDev
• 6,810 points
317 views
0 votes
1 answer
0 votes
1 answer

Unable to attach AWS EBS as volume in Kubernetes aws

You need to set the cloud provider ...READ MORE

answered Oct 10, 2018 in Kubernetes by Kalgi
• 41,990 points
190 views
0 votes
1 answer
0 votes
3 answers

Error while joining cluster with node

Hi Kalgi after following above steps it ...READ MORE

answered Jan 17 in Others by anonymous
2,964 views
+3 votes
1 answer
0 votes
1 answer

How to use gravitational teleport in a container/kubernetes environment?

You can use teleport to augment kubernetes ...READ MORE

answered Jun 28, 2018 in Kubernetes by ajs3033
• 7,280 points
391 views
0 votes
1 answer