Convox Community

Can't deploy to Digital Ocean

I’m a first time user of Convox, followed the instructions here and received a number of permission errors from Kubernetes:

Error: clusterroles.rbac.authorization.k8s.io is forbidden: User "system:anonymous" cannot create resource "clusterroles" in API group "rbac.authorization.k8s.io" at the cluster scope

  on ../../terraform/api/k8s/atom.tf line 1, in resource "kubernetes_cluster_role" "atom":
   1: resource "kubernetes_cluster_role" "atom" {



Error: clusterroles.rbac.authorization.k8s.io is forbidden: User "system:anonymous" cannot create resource "clusterroles" in API group "rbac.authorization.k8s.io" at the cluster scope

  on ../../terraform/api/k8s/main.tf line 14, in resource "kubernetes_cluster_role" "api":
  14: resource "kubernetes_cluster_role" "api" {



Error: clusterroles.rbac.authorization.k8s.io is forbidden: User "system:anonymous" cannot create resource "clusterroles" in API group "rbac.authorization.k8s.io" at the cluster scope

  on ../../terraform/fluentd/k8s/main.tf line 9, in resource "kubernetes_cluster_role" "fluentd":
   9: resource "kubernetes_cluster_role" "fluentd" {



Error: serviceaccounts is forbidden: User "system:anonymous" cannot create resource "serviceaccounts" in API group "" in the namespace "kube-system"

  on ../../terraform/fluentd/k8s/main.tf line 39, in resource "kubernetes_service_account" "fluentd":
  39: resource "kubernetes_service_account" "fluentd" {



Error: Failed to create daemonset: daemonsets.apps is forbidden: User "system:anonymous" cannot create resource "daemonsets" in API group "apps" in the namespace "kube-system"

  on ../../terraform/fluentd/k8s/main.tf line 61, in resource "kubernetes_daemonset" "fluentd":
  61: resource "kubernetes_daemonset" "fluentd" {



Error: namespaces is forbidden: User "system:anonymous" cannot create resource "namespaces" in API group "" at the cluster scope

  on ../../terraform/rack/k8s/main.tf line 9, in resource "kubernetes_namespace" "system":
   9: resource "kubernetes_namespace" "system" {



Error: clusterroles.rbac.authorization.k8s.io is forbidden: User "system:anonymous" cannot create resource "clusterroles" in API group "rbac.authorization.k8s.io" at the cluster scope

  on ../../terraform/router/k8s/main.tf line 9, in resource "kubernetes_cluster_role" "router":
   9: resource "kubernetes_cluster_role" "router" {

I realise this is only beta but would be nice to try it out :slight_smile:

Hi @ben,
Is this output from the terraform init or terraform apply ? I installed a fresh Digital Ocean rack yesterday without any issues, so interested to know and what point you’re seeing this…

Thanks,
Ed

Thanks for the quick response @ed_convox - it’s the output from terraform apply.

I’ve just rerun it and get the same result: full log is here.

Cheers.

Thanks @ben, we’re looking into this, something may have changed recently on the DO side… :blush:

Hi @ben thanks again for reporting this and sorry for the troubles. There were some changes on the Digital Ocean side of things and we had to make some updates. If you grab the latest version of https://github.com/convox/convox/ which is release 3.0.0.beta36 and re-run terraform apply you should be all set.