I have been trying to install JupyterHub on a custom Kubernetes cluster in a specific namespace. We are using Helm 3 as all the rest of our packages are installed with it. However, we are getting this error when installing:
$ helm install jupyterhub --namespace adri-jupyter -f ../../config_final.yaml . -v 10
... Error: rendered manifests contain a resource that already exists. Unable to continue with install: could not get information about the resource: clusterroles.rbac.authorization.k8s.io "jupyterhub-user-scheduler-complementary" is forbidden: User "u-qgt8f" cannot get resource "clusterroles" in API group "rbac.authorization.k8s.io" at the cluster scope: RBAC: clusterrole.rbac.authorization.k8s.io "p-s6jxq-namespaces-edit" not found
I guess it has something to do with the roles that are assigned to me as an owner of the namespace, since I get a similar error when running
$ kubectl get clusterrole --namespace adri-jupyter
Error from server (Forbidden): clusterroles.rbac.authorization.k8s.io is forbidden: User "u-qgt8f" cannot list resource "clusterroles" in API group "rbac.authorization.k8s.io" at the cluster scope: RBAC: clusterrole.rbac.authorization.k8s.io "p-s6jxq-namespaces-edit" not found
We are dealing with some configurations issues regarding user’s roles as we do not want full control of the kubernetes cluster for users that are allowed to be a specific namespace’s owners. This way, we are trying to figure out which roles are required to install the JupyterHub on Kubernetes.
My main concerns are:
- How do we solve this issue?
- What RBAC roles does a user need in order to install JupyterHub?