diff options
author | Staffan Olsson <staffan@repos.se> | 2018-01-08 12:57:58 +0100 |
---|---|---|
committer | Staffan Olsson <staffan@repos.se> | 2018-01-08 12:58:19 +0100 |
commit | c6314666e9cad10944d587d90c8d003a780a52dd (patch) | |
tree | 9d90a560462d5a349aa8a8cfd6db7e5316e57666 | |
parent | af80f4240b38c1c572e95a4303422218910a6d3a (diff) | |
download | kubernetes-kafka-c6314666e9cad10944d587d90c8d003a780a52dd.tar.gz kubernetes-kafka-c6314666e9cad10944d587d90c8d003a780a52dd.tar.bz2 kubernetes-kafka-c6314666e9cad10944d587d90c8d003a780a52dd.zip |
Adds the required RBAC for the init script to set the kafka-broker-id label
-rw-r--r-- | rbac-namespace-default/pod-labler.yml | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/rbac-namespace-default/pod-labler.yml b/rbac-namespace-default/pod-labler.yml new file mode 100644 index 0000000..78816a3 --- /dev/null +++ b/rbac-namespace-default/pod-labler.yml @@ -0,0 +1,41 @@ +# To see if init containers need RBAC: +# +# $ kubectl exec kafka-0 -- cat /etc/kafka/server.properties | grep broker.rack +# #init#broker.rack=# zone lookup failed, see -c init-config logs +# $ kubectl logs -c init-config kafka-0 +# ++ kubectl get node some-node '-o=go-template={{index .metadata.labels "failure-domain.beta.kubernetes.io/zone"}}' +# Error from server (Forbidden): User "system:serviceaccount:kafka:default" cannot get nodes at the cluster scope.: "Unknown user \"system:serviceaccount:kafka:default\"" +# +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: pod-labler + namespace: kafka + labels: + origin: github.com_Yolean_kubernetes-kafka +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - update + - patch +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: kafka-pod-labler + namespace: kafka + labels: + origin: github.com_Yolean_kubernetes-kafka +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: pod-labler +subjects: +- kind: ServiceAccount + name: default + namespace: kafka |