antoinetran
antoinetran
This is because of missing emptyDir in case no pvc is deployed. As a workaround, this merge works (but because the merge cannot merge list, there is a duplication below):...
Suggestion of solution: I can do a pullrequest removing https://github.com/loft-sh/vcluster/blob/v0.23.0/chart/templates/role.yaml#L31 by default: ``` - apiGroups: [""] resources: ["pods/status", "pods/ephemeralcontainers"] verbs: ["patch", "update"] ``` Workaround: values.yaml ``` rbac: # Role holds...
After deploying the cluster and removed the RBAC patch/update as written above, I can now deploy the cluster with my helm components. However I get errors like this in events:...
Now I am asking https://bugzilla.redhat.com/show_bug.cgi?id=2176267 if these privilege can be given to users in fixed version of OpenShift (>=4.11).
> After deploying the cluster and removed the RBAC patch/update as written above, I can now deploy the cluster with my helm components. However I get errors like this in...
> Unfortunately, vCluster relies and needs those permissions and cannot be removed by default. > > ``` > - apiGroups: [""] > resources: ["pods/status", "pods/ephemeralcontainers"] > verbs: ["patch", "update"] >...
Let me add that vcluster has an absolutely great value especially on OpenShift environment, where only one namespace and limited rights is given to a project. In fact, this is...
> You can workaround this limitation by using a tool that will provision virtual clusters on behalf of a user, e.g. [vCluster Platform](https://www.vcluster.com/pricing) or [CAPI provider](https://github.com/loft-sh/cluster-api-provider-vcluster). I don't understand your...
> Feel free to suggest a change that would incorporate your workaround, either a PR, or start with proposing a new config option for vcluster.yaml (chart values). After a week...
So after investigating: * the patch/update of "pods/status" is used at https://github.com/loft-sh/vcluster/blob/v0.28.0-next.11/pkg/patcher/apply.go#L253 But I don't know why we do that * the patch/update of "pods/ephemeralcontainers" is used at https://github.com/loft-sh/vcluster/blob/v0.28.0-next.11/pkg/controllers/resources/pods/ephemeral_containers.go#L67 ....