From 1884ae4a58d0d6af4f4835bf8a5440ec42ca442a Mon Sep 17 00:00:00 2001
From: Richard Wall
Date: Wed, 8 Nov 2017 13:48:13 +0000
Subject: [PATCH 1/2] Fix kube-dns RBAC issues. Allow kube-dns and other kube-system services full access to the API. See: * https://github.com/kubernetes/minikube/issues/1734 * https://github.com/kubernetes/minikube/issues/1722
---
 hack/install-e2e-dependencies.sh | 9 +++++++++
 hack/prepare-e2e.sh | 20 --------------------
 2 files changed, 9 insertions(+), 20 deletions(-)
diff --git a/hack/install-e2e-dependencies.sh b/hack/install-e2e-dependencies.sh
index 6ddd3cf86..8cc41249d 100755
--- a/hack/install-e2e-dependencies.sh
+++ b/hack/install-e2e-dependencies.sh
@@ -37,3 +37,12 @@ if ! retry TIMEOUT=300 kubectl get nodes; then
 echo "ERROR: Timeout waiting for Minikube to be ready"
 exit 1
 fi
+
+# Fix kube-dns RBAC issues.
+# Allow kube-dns and other kube-system services full access to the API.
+# See:
+# * https://github.com/kubernetes/minikube/issues/1734
+# * https://github.com/kubernetes/minikube/issues/1722
+kubectl create clusterrolebinding cluster-admin:kube-system \
+ --clusterrole=cluster-admin \
+ --serviceaccount=kube-system:default
diff --git a/hack/prepare-e2e.sh b/hack/prepare-e2e.sh
index 4397ddb03..276db445c 100755
--- a/hack/prepare-e2e.sh
+++ b/hack/prepare-e2e.sh
@@ -11,26 +11,6 @@ apiVersion: v1
 kind: List
 items:
-### Fix kube-dns RBAC issues ###
-# Create a ServiceAccount for kube-dns to use
-- apiVersion: v1
- kind: ServiceAccount
- metadata:
- name: kube-dns
- namespace: kube-system
-- apiVersion: rbac.authorization.k8s.io/v1beta1
- kind: ClusterRoleBinding
- metadata:
- name: system:kube-dns
- roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: system:kube-dns
- subjects:
- - kind: ServiceAccount
- name: default
- namespace: kube-system
-
 ### Tiller ###
 # Create a ServiceAccount for tiller to use
 - apiVersion: v1
From 9641171a3742c4115a3884dca5ebf10ee3e8c47a Mon Sep 17 00:00:00 2001
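Review bot: The `kubectl create clusterrolebinding` added at the end of hack/install-e2e-dependencies.sh binds `cluster-admin` to `kube-system:default`, which is much wider than the `system:kube-dns` binding the same patch removes from hack/prepare-e2e.sh: every kube-system pod running under the default ServiceAccount gets unrestricted API access. On a disposable Minikube cluster that may be an acceptable trade-off, but the comment should state the scope, e.g. `# Test clusters only: gives cluster-admin to every kube-system pod using the default ServiceAccount.` If this script can ever run against a shared or long-lived cluster, keep a narrower role instead. `kubectl create` also returns an error when the binding already exists, so a second run against the same cluster fails at this step; whether that aborts the script depends on shell options outside the hunk.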
From: Richard Wall
Date: Wed, 8 Nov 2017 14:34:56 +0000
Subject: [PATCH 2/2] Add another expected error
---
 hack/e2e.sh | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/hack/e2e.sh b/hack/e2e.sh
index 531b6d7b0..820547bd8 100755
--- a/hack/e2e.sh
+++ b/hack/e2e.sh
@@ -110,10 +110,12 @@ function test_elasticsearchcluster() {
 test_elasticsearchcluster
 function ignore_expected_errors() {
- # Ignored failures to list navigator API objects when the controller starts
- # before the API server has started and registered its self. E.g.
+ # Ignore the following error types:
 # E1103 14:58:06.819858 1 reflector.go:205] github.com/jetstack/navigator/pkg/client/informers/externalversions/factory.go:68: Failed to list *v1alpha1.Pilot: the server could not find the requested resource (get pilots.navigator.jetstack.io)
- egrep --invert-match 'Failed to list \*v1alpha1\.\w+:\s+the server could not find the requested resource\s+\(get \w+\.navigator\.jetstack\.io\)$'
+ # E1108 14:18:37.610718 1 reflector.go:205] github.com/jetstack/navigator/pkg/client/informers/externalversions/factory.go:68: Failed to list *v1alpha1.Pilot: an error on the server ("Error: 'dial tcp 10.0.0.233:443: getsockopt: connection refused'\nTrying to reach: 'https://10.0.0.233:443/apis/navigator.jetstack.io/v1alpha1/pilots?resourceVersion=0'") has prevented the request from succeeding (get pilots.navigator.jetstack.io)
+ egrep --invert-match \
+ -e 'Failed to list \*v1alpha1\.\w+:\s+the server could not find the requested resource\s+\(get \w+\.navigator\.jetstack\.io\)$' \
+ -e 'Failed to list \*v1alpha1\.\w+:\s+an error on the server \([^)]+\) has prevented the request from succeeding\s+\(get \w+\.navigator\.jetstack\.io\)$'
 }
 function test_logged_errors() {
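Review bot: The second `-e` pattern in `ignore_expected_errors` accepts any text between the parentheses (`\([^)]+\)`), so every "an error on the server (...) has prevented the request from succeeding" line for a navigator resource is filtered out, not only the connection-refused case shown in the sample comment. Server-side failures with other causes would then never reach the logged-error check that presumably consumes this filter. Anchoring the pattern to the expected cause keeps the filter narrow, e.g. `an error on the server \([^)]*connection refused[^)]*\) has prevented the request from succeeding`. The rewritten comment also drops the explanation of why these errors are expected, so it is worth keeping a line such as `# Expected while the controller starts before the navigator API server is reachable.`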