  1. ONAP Operations Manager
  2. OOM-645

Kube2MSB RBAC security issues


    • Bug
    • Resolution: Done
    • Medium
    • Beijing Release
    • Beijing Release
    • None

      kubeadm will enable RBAC in the Kubernetes cluster.

      We followed the instructions from https://wiki.onap.org/display/DW/Deploying+Kubernetes+Cluster+with+kubeadm to deploy ONAP (from OOM master).

      All the containers are up and running.

      However, there is an issue with kube2msb.

      We keep getting this error in the kube2msb log:

      E0130 21:33:32.464069 7 reflector.go:216] kube2msb/kube2msb.go:214: Failed to list *api.Pod: pods is forbidden: User "system:serviceaccount:kube-system:default" cannot list pods at the cluster scope
      E0130 21:33:32.464161 7 reflector.go:216] kube2msb/kube2msb.go:148: Failed to list *api.Service: services is forbidden: User "system:serviceaccount:kube-system:default" cannot list services at the cluster scope
      E0130 21:33:33.465608 7 reflector.go:216] kube2msb/kube2msb.go:148: Failed to list *api.Service: services is forbidden: User "system:serviceaccount:kube-system:default" cannot list services at the cluster scope
      E0130 21:33:33.465672 7 reflector.go:216] kube2msb/kube2msb.go:214: Failed to list *api.Pod: pods is forbidden: User "system:serviceaccount:kube-system:default" cannot list pods at the cluster scope

       

      From the log, we can see that kube2msb got the right system:serviceaccount token, but API access to pods and services is forbidden.

      This issue is very similar to https://github.com/prometheus/prometheus/issues/2763
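
The denials in the log above name the subject, verb and resources, which is enough to derive a narrowly scoped grant rather than binding a broad role such as cluster-admin. The following Python sketch is an added example, not part of the original report or of the OOM project; the role name prefix `kube2msb-reader` and the extra `watch` verb are assumptions.

```python
import re

# Constructed sample: two of the reflector errors quoted in this issue.
SAMPLE_LOG = (
    'E0130 21:33:32.464069 7 reflector.go:216] kube2msb/kube2msb.go:214: Failed to list '
    '*api.Pod: pods is forbidden: User "system:serviceaccount:kube-system:default" '
    'cannot list pods at the cluster scope\n'
    'E0130 21:33:32.464161 7 reflector.go:216] kube2msb/kube2msb.go:148: Failed to list '
    '*api.Service: services is forbidden: User "system:serviceaccount:kube-system:default" '
    'cannot list services at the cluster scope\n'
)

DENIED = re.compile(
    r'(?P<res>\S+) is forbidden: User "system:serviceaccount:(?P<ns>[^:"]+):(?P<sa>[^:"]+)"'
    r' cannot (?P<verb>\w+) (?P=res) at the cluster scope')

def denied_access(log_text):
    """Map (namespace, service account) -> {resource: {verbs}} for cluster-scope denials."""
    needed = {}
    for m in DENIED.finditer(log_text):
        needed.setdefault((m['ns'], m['sa']), {}).setdefault(m['res'], set()).add(m['verb'])
    return needed

def render_rbac(needed, role_name="kube2msb-reader"):  # role_name is hypothetical
    """Render a ClusterRole and ClusterRoleBinding granting only what was denied."""
    docs = []
    for (ns, sa), resources in sorted(needed.items()):
        name = f"{role_name}-{ns}-{sa}"  # one role per denied subject
        rules = []
        for res, verbs in sorted(resources.items()):
            # Assumption: the denied call came from a reflector, which lists and
            # then watches, so "watch" is granted alongside the denied verb.
            quoted = ", ".join(f'"{v}"' for v in sorted(verbs | {"watch"}))
            # apiGroups [""] is the core group, where pods and services live.
            rules.append(f'- apiGroups: [""]\n  resources: ["{res}"]\n  verbs: [{quoted}]')
        docs.append(
            "apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\n"
            f"metadata:\n  name: {name}\nrules:\n" + "\n".join(rules))
        docs.append(
            "apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\n"
            f"metadata:\n  name: {name}\n"
            f"roleRef:\n  apiGroup: rbac.authorization.k8s.io\n  kind: ClusterRole\n  name: {name}\n"
            f"subjects:\n- kind: ServiceAccount\n  name: {sa}\n  namespace: {ns}")
    return "\n---\n".join(docs) + "\n"

if __name__ == "__main__":
    print(render_rbac(denied_access(SAMPLE_LOG)))
```

Binding to `kube-system:default` extends the same read access to every pod in that namespace that runs under the default service account; giving kube2msb a dedicated service account and binding that instead keeps the grant narrower.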

       

       

            jh245g