Unable to run Dashboard on Minikube with RBAC

[rayterrill]

Environment

Dashboard version: 1.8.2
Kubernetes version: 1.8.0
Operating system: Windows 10 (1709 16299.192)
Node.js version: v9.3.0
Go version: N/A

Steps to reproduce

1. Launch minikube in RBAC mode

minikube start --extra-config=apiserver.Authorization.Mode=RBAC

2. Deploy Dashboard

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kuberne
tes-dashboard.yaml

3. Dashboard pod fails to deploy, verified with kubectl get pods --namespace=kube-system

PS C:\wip> kubectl get pods --namespace=kube-system
NAME                                   READY     STATUS             RESTARTS   AGE
kube-addon-manager-minikube            1/1       Running            0          1m
kube-dns-86f6f55dd5-fnqkr              2/3       Running            0          1m
kubernetes-dashboard-7rb4g             0/1       CrashLoopBackOff   3          1m
kubernetes-dashboard-c8b4bc89b-xwlg7   1/1       Running            0          10s
storage-provisioner                    1/1       Running            0          1m

Observed result

Dashboard pod fails to deploy successfully.

Pod logs (via kubectl logs kubernetes-dashboard-7rb4g --namespace=kube-system)

2018/01/27 19:20:23 Synchronizer kubernetes-dashboard-key-holder-kube-system exited with error: kubernetes-dashboard-key-holder-kube-system watch ended with timeout
panic: secrets is forbidden: User "system:serviceaccount:kube-system:default" cannot create secrets in the namespace "kube-system"

goroutine 1 [running]:
github.com/kubernetes/dashboard/src/app/backend/auth/jwe.(*rsaKeyHolder).init(0xc4201d05e0)
        /home/travis/build/kubernetes/dashboard/.tmp/backend/src/github.com/kubernetes/dashboard/src/app/backend/auth/jwe/keyholder.go:132 +0x2d3
github.com/kubernetes/dashboard/src/app/backend/auth/jwe.NewRSAKeyHolder(0x1a78da0, 0xc4203c7620, 0xc4203c7620, 0x1278920)
        /home/travis/build/kubernetes/dashboard/.tmp/backend/src/github.com/kubernetes/dashboard/src/app/backend/auth/jwe/keyholder.go:171 +0x83
main.initAuthManager(0x1a77300, 0xc42014d1a0, 0x384, 0x1, 0x1)
        /home/travis/build/kubernetes/dashboard/.tmp/backend/src/github.com/kubernetes/dashboard/src/app/backend/dashboard.go:160 +0x12f
main.main()
        /home/travis/build/kubernetes/dashboard/.tmp/backend/src/github.com/kubernetes/dashboard/src/app/backend/dashboard.go:94 +0x27b

Expected result

Pods should deploy successfully.

Comments

Works successfully without RBAC (launching minikube with just 'minikube start').

Apologies if I've bungled anything. Working on learning K8s.

[floreks]

I think that Dashboard deploy was not successful as error says that container is using system:serviceaccount:kube-system:default instead of kubernetes-dashboard SA.

[rayterrill]

I saw that. Anything I can check to see why that would be happening? I can repeat this at will.

[rayterrill]

Upgraded to minikube v0.25.0, and this is now working for me even in RBAC mode.

[gokhandincer]

Hi all,
I've upgraded to v0.25.2 but same error while run with this command minikube start --extra-config=apiserver.Authorization.Mode=RBAC

kube-system   kube-addon-manager-minikube                 1/1       Running            0          31m
kube-system   kube-dns-54cccfbdf8-jpb7j                   1/3       CrashLoopBackOff   18         31m
kube-system   kubernetes-dashboard-77d8b98585-ts8r7       0/1       CrashLoopBackOff   10         31m
kube-system   storage-provisioner                         1/1       Running            0          31m
kube-system   tiller-deploy-7bf964fff8-85srv              1/1       Running            0          12m

[pplavetzki]

@gokhandincer solved this by using this:
kubectl create clusterrolebinding add-on-cluster-admin --clusterrole=cluster-admin --serviceaccount=kube-system:default

From this link: https://gist.github.com/F21/08bfc2e3592bed1e931ec40b8d2ab6f5