Comments (5)
javsalgar
commented on June 30, 2024
Hi,
Could you check if the roles and rolebindings in the kubeprod namespace for kube-state-metrics are created?
from kube-prod-runtime.
floek
commented on June 30, 2024
Hi,
yes I've the following role binding created (from kubectl -n kubeprod get rolebindings kube-state-metrics -o yaml):
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
kubecfg.ksonnet.io/garbage-collect-tag: kube_prod_runtime
name: kube-state-metrics
name: kube-state-metrics
namespace: kubeprod
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: kube-state-metrics-resizer
subjects:
- kind: ServiceAccount
name: kube-state-metrics
namespace: kubeprodfloek
from kube-prod-runtime.
floek
commented on June 30, 2024
And here is the Role:
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: kube-state-metrics-resizer
namespace: kubeprod
rules:
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- apiGroups:
- extensions
resourceNames:
- kube-state-metrics
resources:
- deployments
verbs:
- get
- updateSeems there is no entry for deployments and apiGroup "apps".
floek
from kube-prod-runtime.
javsalgar
commented on June 30, 2024
Hi,
This is strange, as the apps API group is in the jsonnet manifest
clusterRole: kube.ClusterRole($.p + "kube-state-metrics") {
local core = "", // workaround empty-string-key bug in `jsonnet fmt`
local listwatch = {
[core]: ["configmaps", "endpoints", "limitranges", "namespaces", "nodes", "persistentvolumeclaims", "persistentvolumes", "pods", "replicationcontrollers", "resourcequotas", "secrets", "services"],
"admissionregistration.k8s.io": ["mutatingwebhookconfigurations", "validatingwebhookconfigurations"],
apps: ["daemonsets", "deployments", "replicasets", "statefulsets"],
autoscaling: ["horizontalpodautoscalers"],
"autoscaling.k8s.io": ["verticalpodautoscalers"],
batch: ["cronjobs", "jobs"],
"certificates.k8s.io": ["certificatesigningrequests"],
extensions: ["daemonsets", "deployments", "ingresses", "replicasets"],
"networking.k8s.io": ["ingresses", "networkpolicies"],
policy: ["poddisruptionbudgets"],
"storage.k8s.io": ["storageclasses", "volumeattachments"],
"storageclasses.k8s.io": ["storageclasses"],
},
all_resources:: std.set(std.flattenArrays(kube.objectValues(listwatch))),
rules: [{
apiGroups: [k],
resources: listwatch[k],
verbs: ["list", "watch"],
} for k in std.objectFields(listwatch)],
},
As you can see, there's an apps entry.
from kube-prod-runtime.
floek
commented on June 30, 2024
Hi,
you showed me the code for the "ClusterRole". In the same file a view lines down there ist the code for the "Role":
role: kube.Role($.p + "kube-state-metrics-resizer") + $.metadata {
rules: [
{
apiGroups: [""],
resources: ["pods"],
verbs: ["get"],
},
{
apiGroups: ["extensions"],
resources: ["deployments"],
resourceNames: ["kube-state-metrics"],
verbs: ["get", "update"],
},
],
},
Here apps is missing, and from my understanding this is referenced by (#1095 (comment))
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: kube-state-metrics-resizerand corresponds to my role shown in the comment #1095 (comment)
Floek
from kube-prod-runtime.
Related Issues (20)
- Ingress not working HOT 1
- node-exporter: "--path.rootfs=/rootfs" missing HOT 1
- Cannot install with git-for-windows: config path broken HOT 3
- Using the stack without ingress HOT 2
- Install Apache Airflow HOT 5
- Compatible version for AKS 1.18 HOT 2
- oauth2-proxy : allow github or other domain auth HOT 1
- Can't install kubeprod HOT 16
- Role and permisions needed to deploy BKPR on AKS HOT 1
- Aks OAuth Proxy Configuration HOT 3
- Fluentd pods fail to start HOT 2
- Homebrew sha mismatch
- kubeprod.exe kubeprod-autogen.json: The filename, directory name, or volume label syntax is incorrect. HOT 2
- EKS Cognito User Pool has to be in same region as aws cli config
- generic manifest doesn't work on digital ocean HOT 1
- galera is duped into keycloak because of use of : instead of ::
- Update elasticsearch to fix log4j issue
- fluentd stay "container creating"
- Maintainers wanted for kube-prod-runtime fork HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from kube-prod-runtime.