aboutsummaryrefslogtreecommitdiff
path: root/rbac-namespace-default/pod-labler.yml
diff options
context:
space:
mode:
Diffstat (limited to 'rbac-namespace-default/pod-labler.yml')
-rw-r--r--rbac-namespace-default/pod-labler.yml39
1 files changed, 39 insertions, 0 deletions
diff --git a/rbac-namespace-default/pod-labler.yml b/rbac-namespace-default/pod-labler.yml
new file mode 100644
index 0000000..bd488b0
--- /dev/null
+++ b/rbac-namespace-default/pod-labler.yml
@@ -0,0 +1,39 @@
+# To see if init containers need RBAC:
+#
+# $ kubectl -n kafka logs kafka-2 -c init-config
+# ...
+# Error from server (Forbidden): pods "kafka-2" is forbidden: User "system:serviceaccount:kafka:default" cannot get pods in the namespace "kafka": Unknown user "system:serviceaccount:kafka:default"
+#
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: pod-labler
+ namespace: kafka
+ labels:
+ origin: github.com_Yolean_kubernetes-kafka
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - get
+ - update
+ - patch
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: kafka-pod-labler
+ namespace: kafka
+ labels:
+ origin: github.com_Yolean_kubernetes-kafka
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: pod-labler
+subjects:
+- kind: ServiceAccount
+ name: default
+ namespace: kafka
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-09 19:25:29 +0000