Shows how to see that you need rbac, but makes readme heavier

author: Staffan Olsson <staffan@repos.se> 2017-08-05 06:11:06 +0200
committer: Staffan Olsson <staffan@repos.se> 2017-08-05 06:11:06 +0200
commit: 27421fb58b902e595adcf062857a369485cc91cf (patch)
tree: 033e67fe35b12bfe6552d5a722b9bca892261dcb /README.md
parent: 8f637b7385ce3d1e4737fdb8c34801f10e49b2ae (diff)
download: kubernetes-kafka-27421fb58b902e595adcf062857a369485cc91cf.tar.gz
kubernetes-kafka-27421fb58b902e595adcf062857a369485cc91cf.tar.bz2
kubernetes-kafka-27421fb58b902e595adcf062857a369485cc91cf.zip
1 files changed, 9 insertions, 0 deletions
diff --git a/README.md b/README.md
index e0cdf91..c9e6c59 100644
--- a/README.md
+++ b/README.md
@@ -59,6 +59,15 @@ For clusters that enfoce [RBAC](https://kubernetes.io/docs/admin/authorization/r
 kubectl apply -f rbac-namespace-default/
 ```
 
+For example here's how you see that `kafka`s init containers need RBAC for [rack awareness](https://github.com/Yolean/kubernetes-kafka/pull/41):
+```
+$ kubectl exec kafka-1 -- cat /etc/kafka/server.properties | grep broker.rack
+#init#broker.rack=# zone lookup failed, see -c init-config logs
+$ kubectl logs -c init-config kafka-0
+++ kubectl get node some-node '-o=go-template={{index .metadata.labels "failure-domain.beta.kubernetes.io/zone"}}'
+Error from server (Forbidden): User "system:serviceaccount:kafka:default" cannot get nodes at the cluster scope.: "Unknown user \"system:serviceaccount:kafka:default\""
+```
+
 # Tests
 
 ```
author	Staffan Olsson <staffan@repos.se>	2017-08-05 06:11:06 +0200
committer	Staffan Olsson <staffan@repos.se>	2017-08-05 06:11:06 +0200
commit	27421fb58b902e595adcf062857a369485cc91cf (patch)
tree	033e67fe35b12bfe6552d5a722b9bca892261dcb /README.md
parent	8f637b7385ce3d1e4737fdb8c34801f10e49b2ae (diff)
download	kubernetes-kafka-27421fb58b902e595adcf062857a369485cc91cf.tar.gz kubernetes-kafka-27421fb58b902e595adcf062857a369485cc91cf.tar.bz2 kubernetes-kafka-27421fb58b902e595adcf062857a369485cc91cf.zip