diff options
author | Staffan Olsson <staffan@repos.se> | 2017-08-05 06:11:06 +0200 |
---|---|---|
committer | Staffan Olsson <staffan@repos.se> | 2017-08-05 06:11:06 +0200 |
commit | 27421fb58b902e595adcf062857a369485cc91cf (patch) | |
tree | 033e67fe35b12bfe6552d5a722b9bca892261dcb /README.md | |
parent | 8f637b7385ce3d1e4737fdb8c34801f10e49b2ae (diff) | |
download | kubernetes-kafka-27421fb58b902e595adcf062857a369485cc91cf.tar.gz kubernetes-kafka-27421fb58b902e595adcf062857a369485cc91cf.tar.bz2 kubernetes-kafka-27421fb58b902e595adcf062857a369485cc91cf.zip |
Shows how to see that you need rbac, but makes readme heavier
Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 9 |
1 files changed, 9 insertions, 0 deletions
@@ -59,6 +59,15 @@ For clusters that enfoce [RBAC](https://kubernetes.io/docs/admin/authorization/r kubectl apply -f rbac-namespace-default/ ``` +For example here's how you see that `kafka`s init containers need RBAC for [rack awareness](https://github.com/Yolean/kubernetes-kafka/pull/41): +``` +$ kubectl exec kafka-1 -- cat /etc/kafka/server.properties | grep broker.rack +#init#broker.rack=# zone lookup failed, see -c init-config logs +$ kubectl logs -c init-config kafka-0 +++ kubectl get node some-node '-o=go-template={{index .metadata.labels "failure-domain.beta.kubernetes.io/zone"}}' +Error from server (Forbidden): User "system:serviceaccount:kafka:default" cannot get nodes at the cluster scope.: "Unknown user \"system:serviceaccount:kafka:default\"" +``` + # Tests ``` |