From 7912b82077648edf337f4595c35aacda2934fa8b Mon Sep 17 00:00:00 2001 From: Staffan Olsson Date: Wed, 2 Aug 2017 07:46:48 +0200 Subject: Using kubectl because curl would get 401 as system:anonymous, but be prepared for misleading error messages (for an RBAC noob like me) when your operation does not match the Role's rights: ``` root@test-rack-awareness-267009956-k0ffs:/opt/kafka# kubectl get pod $HOSTNAME NAME READY STATUS RESTARTS AGE test-rack-awareness-267009956-k0ffs 1/1 Running 0 14m root@test-rack-awareness-267009956-k0ffs:/opt/kafka# kubectl get pods Error from server (Forbidden): User "system:serviceaccount:kafka:kafka" cannot list pods in the namespace "kafka".: "Unknown user \"system:serviceaccount:kafka:kafka\"" (get pods) ``` --- 10broker-config.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/10broker-config.yml b/10broker-config.yml index 93bc8f0..5bebdec 100644 --- a/10broker-config.yml +++ b/10broker-config.yml @@ -17,6 +17,13 @@ data: # todo add curl to kafka image, switch to a curl image for init or write the whole lookup in java hash curl 2>/dev/null || { apt-get update; DEBIAN_FRONTEND=noninteractive apt-get install curl -y --no-install-recommends; } + hash kubectl 2>/dev/null || { + curl -sLS -o k.tar.gz -k https://dl.k8s.io/v1.7.2/kubernetes-client-linux-amd64.tar.gz + echo "9c2363710d61a12a28df2d8a4688543b785156369973d33144ab1f2c1d5c7b53 k.tar.gz" | sha256sum -c + tar xvf k.tar.gz -C /usr/local/bin/ --strip-components=3 kubernetes/client/bin/kubectl + rm k.tar.gz + } + API=https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_SERVICE_PORT/api AUTH="--cacert /run/secrets/kubernetes.io/serviceaccount/ca.crt --header \"Authorization: Bearer $(cat /run/secrets/kubernetes.io/serviceaccount/token)\"" -- cgit v1.2.3
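Review bot: The checksum result is not enforced in the added `hash kubectl … || { … }` group: `echo "…" | sha256sum -c` is followed unconditionally by `tar xvf … -C /usr/local/bin/`, so unless the script runs under `set -e` (its start is outside this hunk) a mismatch only prints a failure and the archive is still unpacked and later executed. That matters more here because `curl -k` turns off TLS certificate verification, which leaves the SHA-256 as the only integrity control on the download. I would make the failure fatal and let curl verify the server, e.g. `curl -fsSL -o k.tar.gz https://dl.k8s.io/v1.7.2/kubernetes-client-linux-amd64.tar.gz` and `… | sha256sum -c || exit 1`; if `-k` is only there because the image has no CA bundle (an inference from the `--no-install-recommends` install above), adding `ca-certificates` to that apt-get line is the cleaner fix. A short comment such as `# pinned client version; update the sha256 together with the URL` would also help the next person who bumps v1.7.2.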