Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update RBAC permissions in examples/k8s #3594

Closed
fbarl opened this issue Apr 11, 2019 · 0 comments · Fixed by #3595
Closed

Update RBAC permissions in examples/k8s #3594

fbarl opened this issue Apr 11, 2019 · 0 comments · Fixed by #3595
Assignees
@fbarl
Labels
chore Related to fix/refinement/improvement of end user or new/existing developer functionality k8s Pertains to integration with Kubernetes

Comments

@fbarl
Copy link
Contributor

fbarl commented Apr 11, 2019

While trying to test #3589 in a local Minikube instance following the instructions from https://www.weave.works/docs/scope/latest/installing/#kubernetes-local-clone, I figured almost all K8s node details actions were being rejected based on the RBAC permission setting:

  • "services "weave-scope-app" is forbidden: User "system:serviceaccount:weave:weave-scope" cannot get resource "services" in API group "" in the namespace "weave""
  • "deployments.extensions "weave-scope-cluster-agent" is forbidden: User "system:serviceaccount:weave:weave-scope" cannot get resource "deployments/scale" in API group "extensions" in the namespace "weave""
  • "deployments.apps "weave-scope-cluster-agent" is forbidden: User "system:serviceaccount:weave:weave-scope" cannot get resource "deployments" in API group "apps" in the namespace "weave""
  • "pods "weave-scope-cluster-agent-84df69896b-dv5zf" is forbidden: User "system:serviceaccount:weave:weave-scope" cannot get resource "pods/log" in API group "" in the namespace "weave""
  • "pods "weave-scope-agent-jc4vk" is forbidden: User "system:serviceaccount:weave:weave-scope" cannot delete resource "pods" in API group "" in the namespace "weave""
  • "pods "weave-scope-agent-jc4vk" is forbidden: User "system:serviceaccount:weave:weave-scope" cannot get resource "pods" in API group "" in the namespace "weave""

To fix this, we should add all of these to cluster-role.yaml.
@fbarl fbarl added k8s Pertains to integration with Kubernetes chore Related to fix/refinement/improvement of end user or new/existing developer functionality labels Apr 11, 2019
@fbarl fbarl self-assigned this Apr 11, 2019
@fbarl fbarl mentioned this issue Apr 11, 2019
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@fbarl fbarl

Labels
chore Related to fix/refinement/improvement of end user or new/existing developer functionality k8s Pertains to integration with Kubernetes
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Update examples/k8s RBAC permissions weaveworks/scope
1 participant
@fbarl