charts icon indicating copy to clipboard operation
charts copied to clipboard
verified publisher icon bitnami

[bitnami/contour] Missing ConfigMap and BackendTLSPolicy permissions in clusterrole when adding gatewayRef

Open bumarcell opened this issue 1 year ago • 2 comments

Name and Version

bitnami/contour 17.0.5

What architecture are you using?

amd64

What steps will reproduce the bug?

  1. Add gateway.gatewayRef in contour configmap
  2. Restart contour
  3. On startup it it logs the following errors:
level=error msg="pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:229: Failed to watch *v1.ConfigMap: failed to list *v1.ConfigMap: configmaps is forbidden: User \"system:serviceaccount:contour:contour-contour\" cannot list resource \"configmaps\" in API group \"\" at the cluster scope" caller="reflector.go:147" context=kubernetes error="<nil>"

level=error msg="pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:229: Failed to watch *v1alpha2.BackendTLSPolicy: failed to list *v1alpha2.BackendTLSPolicy: backendtlspolicies.gateway.networking.k8s.io is forbidden: User \"system:serviceaccount:contour:contour-contour\" cannot list resource \"backendtlspolicies\" in API group \"gateway.networking.k8s.io\" at the cluster scope" caller="reflector.go:147" context=kubernetes error="<nil>"

Are you using any custom parameters or values?

No response

What is the expected behavior?

The chart should add all relevant permissions in rbacs, including those for CRDs.

What do you see instead?

The clusterrole doesn't define permissions for all GatewayAPI crds, namely backendpolicies isn't added. The list and watch permissions on configmaps were also missing, which only throws an error after adding gatewayRef.

Additional information

No response

bumarcell avatar Apr 17 '24 11:04 bumarcell

The clusterrole doesn't define permissions for all GatewayAPI crds, namely backendpolicies isn't added. The list and watch permissions on configmaps were also missing, which only throws an error after adding gatewayRef.

Hi,

Thank you for reporting the issue. As you have identified the issue, would you like to contribute? You can do so by following our contributing guidelines. You'll need to edit the rbac.yaml file and it will benefit the entire community.

Thanks

jotamartos avatar Apr 26 '24 14:04 jotamartos

This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback.

github-actions[bot] avatar May 12 '24 01:05 github-actions[bot]

Due to the lack of activity in the last 5 days since it was marked as "stale", we proceed to close this Issue. Do not hesitate to reopen it later if necessary.

github-actions[bot] avatar May 18 '24 01:05 github-actions[bot]

Looks like it's been added in chart v17.0.7 Many thanks ❤️

bumarcell avatar May 18 '24 13:05 bumarcell