diff options
author | solsson <solsson@gmail.com> | 2018-01-08 16:22:34 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-01-08 16:22:34 +0100 |
commit | 4eb876eb2182b2de67288264dab13996f4f3535f (patch) | |
tree | 58d4492daf234cabb824eecbaedd0c41738f93e1 /rbac-namespace-default | |
parent | af80f4240b38c1c572e95a4303422218910a6d3a (diff) | |
parent | cc27bc113cfe2d295a59336236ea4d69ca4c38f3 (diff) | |
download | kubernetes-kafka-4eb876eb2182b2de67288264dab13996f4f3535f.tar.gz kubernetes-kafka-4eb876eb2182b2de67288264dab13996f4f3535f.tar.bz2 kubernetes-kafka-4eb876eb2182b2de67288264dab13996f4f3535f.zip |
Merge pull request #117 from Yolean/broker-init-pod-labler
Fix RBAC, set useful labels on broker pods from init script
Diffstat (limited to 'rbac-namespace-default')
-rw-r--r-- | rbac-namespace-default/pod-labler.yml | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/rbac-namespace-default/pod-labler.yml b/rbac-namespace-default/pod-labler.yml new file mode 100644 index 0000000..bd488b0 --- /dev/null +++ b/rbac-namespace-default/pod-labler.yml @@ -0,0 +1,39 @@ +# To see if init containers need RBAC: +# +# $ kubectl -n kafka logs kafka-2 -c init-config +# ... +# Error from server (Forbidden): pods "kafka-2" is forbidden: User "system:serviceaccount:kafka:default" cannot get pods in the namespace "kafka": Unknown user "system:serviceaccount:kafka:default" +# +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: pod-labler + namespace: kafka + labels: + origin: github.com_Yolean_kubernetes-kafka +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - update + - patch +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: kafka-pod-labler + namespace: kafka + labels: + origin: github.com_Yolean_kubernetes-kafka +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: pod-labler +subjects: +- kind: ServiceAccount + name: default + namespace: kafka |