I am trying to create a service default in namespace BA. But I am getting this error.
I am trying to create a CRD object (ServiceDefaults) in my namespace.
But that fails with this error.
Error: INSTALLATION FAILED: rendered manifests contain a resource that already exists. Unable to continue with install: could not get information about the resource ServiceDefaults “cv-audit” in namespace “ba”: servicedefaults.consul.hashicorp.com “cv-audit” is forbidden: User “ba@corp.com” cannot get resource “servicedefaults” in API group “consul.hashicorp.com” in the namespace “ba”
User is given RoleBinding in the namespace with admin privs
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: ba-consul-access
namespace: ba
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: admin
subjects:
- kind: User
namespace: ba
name: ba@corp.com
It works when we give specific rights for user to consul.hashicorp.com resources
But we expect this to work with admin privileges itself. Why does this not work when user is provided admin privs?