diff options
author | Staffan Olsson <staffan@repos.se> | 2017-08-02 07:46:48 +0200 |
---|---|---|
committer | Staffan Olsson <staffan@repos.se> | 2017-08-02 12:53:42 +0200 |
commit | 7912b82077648edf337f4595c35aacda2934fa8b (patch) | |
tree | fca8f11e8adcc2a86966616b79db39156e06b26f | |
parent | b3a6bbce9752778ea5e93116f7a1110b488e3dd8 (diff) | |
download | kubernetes-kafka-7912b82077648edf337f4595c35aacda2934fa8b.tar.gz kubernetes-kafka-7912b82077648edf337f4595c35aacda2934fa8b.tar.bz2 kubernetes-kafka-7912b82077648edf337f4595c35aacda2934fa8b.zip |
Using kubectl because curl would get 401 as system:anonymous,
but be prepared for misleading error messages (for an RBAC noob like me)
when your operation does not match the Role's rights:
```
root@test-rack-awareness-267009956-k0ffs:/opt/kafka# kubectl get pod $HOSTNAME
NAME READY STATUS RESTARTS AGE
test-rack-awareness-267009956-k0ffs 1/1 Running 0 14m
root@test-rack-awareness-267009956-k0ffs:/opt/kafka# kubectl get pods
Error from server (Forbidden): User "system:serviceaccount:kafka:kafka" cannot list pods in the namespace "kafka".: "Unknown user \"system:serviceaccount:kafka:kafka\"" (get pods)
```
-rw-r--r-- | 10broker-config.yml | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/10broker-config.yml b/10broker-config.yml index 93bc8f0..5bebdec 100644 --- a/10broker-config.yml +++ b/10broker-config.yml @@ -17,6 +17,13 @@ data: # todo add curl to kafka image, switch to a curl image for init or write the whole lookup in java hash curl 2>/dev/null || { apt-get update; DEBIAN_FRONTEND=noninteractive apt-get install curl -y --no-install-recommends; } + hash kubectl 2>/dev/null || { + curl -sLS -o k.tar.gz -k https://dl.k8s.io/v1.7.2/kubernetes-client-linux-amd64.tar.gz + echo "9c2363710d61a12a28df2d8a4688543b785156369973d33144ab1f2c1d5c7b53 k.tar.gz" | sha256sum -c + tar xvf k.tar.gz -C /usr/local/bin/ --strip-components=3 kubernetes/client/bin/kubectl + rm k.tar.gz + } + API=https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_SERVICE_PORT/api AUTH="--cacert /run/secrets/kubernetes.io/serviceaccount/ca.crt --header \"Authorization: Bearer $(cat /run/secrets/kubernetes.io/serviceaccount/token)\"" |