openstack-cloud-controller-manager
RBAC rules needed for running as pod/daemonset
hack we can use for now is ... we need a better way
# Hack for RBAC for all for the new cloud-controller process, we need to do better than this
cluster/kubectl.sh create clusterrolebinding --user system:serviceaccount:kube-system:default kube-system-cluster-admin-1 --clusterrole cluster-admin
cluster/kubectl.sh create clusterrolebinding --user system:serviceaccount:kube-system:pvl-controller kube-system-cluster-admin-2 --clusterrole cluster-admin
cluster/kubectl.sh create clusterrolebinding --user system:serviceaccount:kube-system:cloud-node-controller kube-system-cluster-admin-3 --clusterrole cluster-admin
cluster/kubectl.sh create clusterrolebinding --user system:serviceaccount:kube-system:cloud-controller-manager kube-system-cluster-admin-4 --clusterrole cluster-admin
cluster/kubectl.sh create clusterrolebinding --user system:serviceaccount:kube-system:shared-informers kube-system-cluster-admin-5 --clusterrole cluster-admin
cluster/kubectl.sh create clusterrolebinding --user system:kube-controller-manager kube-system-cluster-admin-6 --clusterrole cluster-admin
cluster/kubectl.sh create clusterrolebinding --user system:serviceaccount:kube-system:attachdetach-controller kube-system-cluster-admin-7 --clusterrole cluster-admin
cluster/kubectl.sh set subject clusterrolebinding system:node --group=system:nodes
I would like to work on it.
The following logs are from openstack-cloud-controller-manager
1552 nodes is forbidden: User "system:serviceaccount:kube-system:shared-informers" cannot list nodes at the cluster scope
1552 persistentvolumes is forbidden: User "system:serviceaccount:kube-system:pvl-controller" cannot list persistentvolumes at the cluster scope
1552 services is forbidden: User "system:serviceaccount:kube-system:shared-informers" cannot list services at the cluster scope
317 serviceaccount:kube-system:cloud-node-controller" cannot list nodes at the cluster scope
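An alternative to binding cluster-admin, as an added example that is not part of the thread or the project's code: this sketch turns the "forbidden" lines logged above into one narrowly scoped ClusterRole and ClusterRoleBinding per service account. The `ccm-` role name prefix and the function names are hypothetical, and every resource is assumed to be in the core API group, since the denial text names no group.

```python
import json
import re
from collections import defaultdict

# Sample denial lines in the format of the logs quoted in this thread.
SAMPLE_LOG = """\
1552 nodes is forbidden: User "system:serviceaccount:kube-system:shared-informers" cannot list nodes at the cluster scope
1552 persistentvolumes is forbidden: User "system:serviceaccount:kube-system:pvl-controller" cannot list persistentvolumes at the cluster scope
1552 services is forbidden: User "system:serviceaccount:kube-system:shared-informers" cannot list services at the cluster scope
317 serviceaccount:kube-system:cloud-node-controller" cannot list nodes at the cluster scope
"""

# Anchored on the account name so lines with a clipped prefix still match.
DENIED = re.compile(
    r'serviceaccount:(?P<ns>[^:"\s]+):(?P<sa>[^:"\s]+)" '
    r'cannot (?P<verb>\w+) (?P<res>[\w.]+) at the cluster scope')

def denied_access(log_text):
    """Return {(namespace, serviceaccount): {resource: {verbs}}}."""
    needed = defaultdict(lambda: defaultdict(set))
    for m in DENIED.finditer(log_text):
        needed[(m["ns"], m["sa"])][m["res"]].add(m["verb"])
    return needed

def manifests(log_text, prefix="ccm-"):
    """Render a ClusterRole and ClusterRoleBinding per denied service account."""
    docs = []
    for (ns, sa), resources in sorted(denied_access(log_text).items()):
        name = prefix + sa  # hypothetical naming scheme
        # Assumption: core API group (""), true for nodes,
        # persistentvolumes and services. One rule per resource keeps
        # verbs from leaking across resources.
        rules = "".join(
            f'- apiGroups: [""]\n  resources: ["{res}"]\n'
            f"  verbs: {json.dumps(sorted(verbs))}\n"
            for res, verbs in sorted(resources.items()))
        docs.append(
            "apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\n"
            f"metadata:\n  name: {name}\nrules:\n{rules}"
            "---\napiVersion: rbac.authorization.k8s.io/v1\n"
            "kind: ClusterRoleBinding\n"
            f"metadata:\n  name: {name}\n"
            "roleRef:\n  apiGroup: rbac.authorization.k8s.io\n"
            f"  kind: ClusterRole\n  name: {name}\n"
            f"subjects:\n- kind: ServiceAccount\n  name: {sa}\n  namespace: {ns}\n")
    return "---\n".join(docs)

if __name__ == "__main__":
    print(manifests(SAMPLE_LOG))
```

Each run only sees verbs that have already been denied, so expect to repeat it as the controllers get further (informers go on to watch what they list), and review the output before applying it.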
getting the ball rolling here - https://github.com/kubernetes/kubernetes/pull/59945