What leads to error "Failed to get ConfigMap, Code: 403" while deploying k8s service using Harness Rolling Deployment?

Harness uses its own configMap which we create to store the release history on your k8s cluster which can be used for rollback.

Related details here: Kubernetes Versioning and Annotations - Harness.io Docs

In case of very first deployment, lets see the configMap doesn’t exist(as not created by Harness yet), we first make API call to check if configMap exists(this API call failing due to permission will lead to this exception) and if not we create/update one as per GET call response.

Complete exception:

Invalid request: Failed to get ConfigMap. Code: 403, message:{"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"configmaps \"release-abcdef\" is forbidden: User \"system:serviceaccount:sa:harness\" cannot get resource \"configmaps\" in API group \"\" in the namespace \"ns\"","reason":"Forbidden","details":{"name":"release-abcdef","kind":"configmaps"},"code":403}

To resolve this issue try giving more permissions specifically “get Secret & get ConfigMap” to this serviceAccount in the required namespace currently deploying to and it should help.

2 Likes