diff options
Diffstat (limited to 'rbac-namespace-default/node-reader.yml')
| -rw-r--r-- | rbac-namespace-default/node-reader.yml | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/rbac-namespace-default/node-reader.yml b/rbac-namespace-default/node-reader.yml index 0454579..62669cd 100644 --- a/rbac-namespace-default/node-reader.yml +++ b/rbac-namespace-default/node-reader.yml @@ -1,4 +1,11 @@ -# For kubectl get node, required for kafka init container rack awareness +# To see if init containers need RBAC: +# +# $ kubectl exec kafka-1 -- cat /etc/kafka/server.properties | grep broker.rack +# #init#broker.rack=# zone lookup failed, see -c init-config logs +# $ kubectl logs -c init-config kafka-0 +# ++ kubectl get node some-node '-o=go-template={{index .metadata.labels "failure-domain.beta.kubernetes.io/zone"}}' +# Error from server (Forbidden): User "system:serviceaccount:kafka:default" cannot get nodes at the cluster scope.: "Unknown user \"system:serviceaccount:kafka:default\"" +# --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1beta1 |