Error on deploying rabbitmq cluster

107 views
Skip to first unread message

stsy ss38

unread,
Feb 28, 2023, 3:26:12 AM2/28/23
to rabbitmq-users
Hello
I work on tanzu kubernetes cluster. (1.23)
I install the rabbitmq operator with bitnami helm version. The installation was ok

The problem is on the utilization when i want to create a rabbitmq clusters on namespace with a user that is admin of the namespace !! 
The error is >> Error from server (Forbidden): error when creating "STDIN": rabbitmqclusters.rabbitmq.com is forbidden: User "sso:xx...@samse.fr" cannot create resource "rabbitmqclusters" in API group "rabbitmq.com" in the namespace "ns-data-mdm-int"
I tried to create a cluster role 
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    servicebinding.io/controller: "true"
rules:
- apiGroups:
  - rabbitmq.com
  resources:
  - rabbitmqclusters
  verbs:
  - get
  - list
  - watch

and attibute a rolebinding to  the user that deploy the cluster 
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
  name: rb-samse-rabbitmq-system-claim
  namespace: ns-data-mdm-int
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: resource-claims-rabbitmq
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: Group
  name: sso:k8s-grp-...@samse.fr

But the probleme is always here

Do you see the problem ? 
Thanks for all 


Michal Kuratczyk

unread,
Feb 28, 2023, 3:33:47 AM2/28/23
to rabbitm...@googlegroups.com
Hi,

This doesn't seem to be RabbitMQ related really, just Kubernetes permissions. At first glance, you missed the "create" verb in the ClusterRole definition.

Best,

--
You received this message because you are subscribed to the Google Groups "rabbitmq-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rabbitmq-user...@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/rabbitmq-users/988f87a8-9869-4414-a29b-0de8aaf02f9fn%40googlegroups.com.


--
Michał
RabbitMQ team

SILLY Stephane

unread,
Feb 28, 2023, 3:39:39 AM2/28/23
to rabbitm...@googlegroups.com

Hello

That seems good with create verb

That seems very strange because on a precedent version of kubernetes, the create was not necessary

I go on my instannation

Thanks for all for your quick advice

 

De : rabbitm...@googlegroups.com <rabbitm...@googlegroups.com> De la part de Michal Kuratczyk
Envoyé : mardi 28 février 2023 09:33
À : rabbitm...@googlegroups.com
Objet : Re: [rabbitmq-users] Error on deploying rabbitmq cluster

 

Hi, This doesn't seem to be RabbitMQ related really, just Kubernetes permissions. At first glance, you missed the "create" verb in the ClusterRole definition. Best, On Tue, Feb 28, 2023 at 9: 26 AM 'stsy ss38' via rabbitmq-users

ZjQcmQRYFpfptBannerStart

Ce message ne provient pas d'un expéditeur de confiance

Vous n'avez jamais échangé avec ce correspondant.

ZjQcmQRYFpfptBannerEnd

Michal Kuratczyk

unread,
Feb 28, 2023, 3:42:20 AM2/28/23
to rabbitm...@googlegroups.com
You can't create resources without the "create" permission, so it was definitely needed. Perhaps you just lost it in the process of upgrading or something.

Best,



--
Michał
RabbitMQ team
Reply all
Reply to author
Forward
0 new messages