aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--rbac-namespace-default/node-reader.yml37
1 files changed, 0 insertions, 37 deletions
diff --git a/rbac-namespace-default/node-reader.yml b/rbac-namespace-default/node-reader.yml
deleted file mode 100644
index 62669cd..0000000
--- a/rbac-namespace-default/node-reader.yml
+++ /dev/null
@@ -1,37 +0,0 @@
-# To see if init containers need RBAC:
-#
-# $ kubectl exec kafka-1 -- cat /etc/kafka/server.properties | grep broker.rack
-# #init#broker.rack=# zone lookup failed, see -c init-config logs
-# $ kubectl logs -c init-config kafka-0
-# ++ kubectl get node some-node '-o=go-template={{index .metadata.labels "failure-domain.beta.kubernetes.io/zone"}}'
-# Error from server (Forbidden): User "system:serviceaccount:kafka:default" cannot get nodes at the cluster scope.: "Unknown user \"system:serviceaccount:kafka:default\""
-#
----
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1beta1
-metadata:
- name: node-reader
- labels:
- origin: github.com_Yolean_kubernetes-kafka
-rules:
-- apiGroups:
- - ""
- resources:
- - nodes
- verbs:
- - get
----
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1beta1
-metadata:
- name: kafka-node-reader
- labels:
- origin: github.com_Yolean_kubernetes-kafka
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: node-reader
-subjects:
-- kind: ServiceAccount
- name: default
- namespace: kafka
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-15 08:33:28 +0000