I am trying to install loki with helm
$ helm upgrade --install loki grafana/loki-stack
I got the following error msg:
Release "loki" does not exist. Installing it now.
Error: rendered manifests contain a resource that already exists. Unable to continue with install: could not get information about the resource: podsecuritypolicies.policy "loki" is forbidden: User "secret user :)" cannot get resource "podsecuritypolicies" in API group "policy" at the cluster scope
$ helm list -all
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
I'm a simple user, but I can create deployments/pods manually via YAML files. I need to use Helm charts.
CodePudding user response:
It seems that your user has insufficient privileges to create policies. You need to ask your cluster administrator for more privileges, unless you can assign them yourself to this user. I'm providing example YAML below to achieve that. First, create a ClusterRole with the proper privileges:
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: <role name>
rules:
  - apiGroups: ['policy']
    resources: ['podsecuritypolicies']
    verbs: ['get']
Then, you need to bind this ClusterRole to user(s):
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: <binding name>
roleRef:
  kind: ClusterRole
  name: <role name>
  apiGroup: rbac.authorization.k8s.io
subjects:
  # Authorize all service accounts in a namespace (recommended):
  - kind: Group
    apiGroup: rbac.authorization.k8s.io
    name: system:serviceaccounts:<authorized namespace>
  # Authorize specific service accounts (not recommended):
  - kind: ServiceAccount
    name: <authorized service account name>
    namespace: <authorized pod namespace>
  # Authorize specific users (not recommended):
  - kind: User
    apiGroup: rbac.authorization.k8s.io
    name: <authorized user name>
Go here for a more detailed explanation.
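An added example, not part of the original question or answer: a small parser that turns an API server "is forbidden" message like the one Helm printed above into the narrowest Role or ClusterRole that would allow exactly the denied request, so an administrator can review a least-privilege grant instead of a broad one. It also handles namespaced denials, which goes beyond the cluster-scoped case in the question; the role name `loki-psp-reader` and the user name `example-user` are assumptions made for the example.

```python
import re

# Text format of an RBAC denial from the Kubernetes API server (as in the Helm error above).
DENIAL = re.compile(
    r'(?P<kind>[\w.-]+)(?: "(?P<name>[^"]*)")? is forbidden: User "(?P<user>[^"]*)" '
    r'cannot (?P<verb>\w+) resource "(?P<resource>[^"]+)" in API group "(?P<group>[^"]*)" '
    r'(?:at the cluster scope|in the namespace "(?P<namespace>[^"]+)")'
)
# Verbs for which RBAC can restrict a rule to named objects via resourceNames.
NAMEABLE_VERBS = {"get", "update", "patch", "delete"}


def parse_denial(message):
    """Return the denied request as a dict, or None if no RBAC denial is present."""
    m = DENIAL.search(message)
    return m.groupdict() if m else None


def minimal_role(denial, role_name):
    """Render the narrowest Role/ClusterRole that would allow the denied request."""
    cluster = denial["namespace"] is None
    lines = [
        "apiVersion: rbac.authorization.k8s.io/v1",
        "kind: ClusterRole" if cluster else "kind: Role",
        "metadata:",
        f"  name: {role_name}",
    ]
    if not cluster:
        lines.append(f"  namespace: {denial['namespace']}")
    lines += [
        "rules:",
        f"  - apiGroups: ['{denial['group']}']",
        f"    resources: ['{denial['resource']}']",
        f"    verbs: ['{denial['verb']}']",
    ]
    if denial["name"] and denial["verb"] in NAMEABLE_VERBS:
        lines.append(f"    resourceNames: ['{denial['name']}']")
    return "\n".join(lines) + "\n"


# Constructed sample: the error text from the question, with a placeholder user name.
SAMPLE = ('Error: rendered manifests contain a resource that already exists. Unable to '
          'continue with install: could not get information about the resource: '
          'podsecuritypolicies.policy "loki" is forbidden: User "example-user" cannot get '
          'resource "podsecuritypolicies" in API group "policy" at the cluster scope')

if __name__ == "__main__":
    print(minimal_role(parse_denial(SAMPLE), "loki-psp-reader"))
```

The generated role still has to be bound to the user with a ClusterRoleBinding or RoleBinding, as in the answer above.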