Error: release gocd failed: clusterroles.rbac.authorization.k8s.io is forbidden: User "system:serviceaccount:kube-system:tiller" cannot create resource "clusterroles" in API group "rbac.authorization.k8s.io" at the cluster scope #54
Description
I am following below link for installing GoCD using helm chart,
https://docs.gocd.org/current/gocd_on_kubernetes/gocd_helm_chart/helm_install.html
when I run below command it gives error:
$ helm install stable/gocd --name gocd --namespace gocd
Error: release gocd failed: clusterroles.rbac.authorization.k8s.io is forbidden: User "system:serviceaccount:kube-system:tiller" cannot create resource "clusterroles" in API group "rbac.authorization.k8s.io" at the cluster scope
Below is the clusterRoleBinding for tiller service account.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"rbac.authorization.k8s.io/v1","kind":"ClusterRoleBinding","metadata":{"annotations":{"rbac.authorization.kubernetes.io/autoupdate":"true"},"labels":{"kubernetes.io/bootstrapping":"rbac-defaults"},"name":"cluster-admin-tiller"},"roleRef":{"apiGroup":"rbac.authorization.k8s.io","kind":"ClusterRole","name":"cluster-admin"},"subjects":[{"apiGroup":"","kind":"ServiceAccount","name":"tiller","namespace":"kube-system"}]}
rbac.authorization.kubernetes.io/autoupdate: "true"
creationTimestamp: "2019-06-21T07:15:12Z"
labels:
kubernetes.io/bootstrapping: rbac-defaults
name: cluster-admin-tiller
resourceVersion: "371704"
selfLink: /apis/rbac.authorization.k8s.io/v1/clusterrolebindings/cluster-admin-tiller
uid: 4f5aedb7-93f4-11e9-825b-021cf6c0635e
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: tiller
namespace: kube-system
Not able to get rid of this error even after binding cluster-admin ClusterRole to the Service account tiller and default.
Please assist