diff options
-rw-r--r-- | rbac-namespace-default/node-reader.yml | 37 |
1 files changed, 0 insertions, 37 deletions
diff --git a/rbac-namespace-default/node-reader.yml b/rbac-namespace-default/node-reader.yml deleted file mode 100644 index 62669cd..0000000 --- a/rbac-namespace-default/node-reader.yml +++ /dev/null @@ -1,37 +0,0 @@ -# To see if init containers need RBAC: -# -# $ kubectl exec kafka-1 -- cat /etc/kafka/server.properties | grep broker.rack -# #init#broker.rack=# zone lookup failed, see -c init-config logs -# $ kubectl logs -c init-config kafka-0 -# ++ kubectl get node some-node '-o=go-template={{index .metadata.labels "failure-domain.beta.kubernetes.io/zone"}}' -# Error from server (Forbidden): User "system:serviceaccount:kafka:default" cannot get nodes at the cluster scope.: "Unknown user \"system:serviceaccount:kafka:default\"" -# ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1beta1 -metadata: - name: node-reader - labels: - origin: github.com_Yolean_kubernetes-kafka -rules: -- apiGroups: - - "" - resources: - - nodes - verbs: - - get ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1beta1 -metadata: - name: kafka-node-reader - labels: - origin: github.com_Yolean_kubernetes-kafka -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: node-reader -subjects: -- kind: ServiceAccount - name: default - namespace: kafka |