help, help, help: v1.18.0 I get error buildermgr, envwatcher not get watcher to create env by controller

v1.18.0: I get an error: buildermgr, envwatcher does not get a watcher to create env by controller. What can I do?

I found that all serviceaccounts in v1.18.0 had no ClusterRole, so I opened the Controller. When I created an env by controller, I found that Buildermgr didn't get a watch.

This is the ClusterRole I added:
```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: fission-v1-18-0-fission-cr-admin
rules:
  - apiGroups:
      - ""
    resources:
      - configmaps
      - pods
      - secrets
      - services
      - serviceaccounts
      - replicationcontrollers
      - namespaces
      - events
    verbs:
      - create
      - delete
      - get
      - list
      - watch
      - patch
  - apiGroups:
      - apps
    resources:
      - deployments
      - deployments/scale
      - replicasets
    verbs:
      - '*'
  - apiGroups:
      - batch
    resources:
      - jobs
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - networking.k8s.io
    resources:
      - ingresses
    verbs:
      - '*'
  - apiGroups:
      - apiextensions.k8s.io
    resources:
      - customresourcedefinitions
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - fission.io
    resources:
      - canaryconfigs
      - environments
      - functions
      - httptriggers
      - kuberneteswatchtriggers
      - messagequeuetriggers
      - packages
      - timetriggers
    verbs:
      - '*'
  - apiGroups:
      - autoscaling
    resources:
      - horizontalpodautoscalers
    verbs:
      - '*'
  - apiGroups:
      - rbac.authorization.k8s.io
    resources:
      - rolebindings
    verbs:
      - '*'
  - apiGroups:
      - rbac.authorization.k8s.io
    resources:
      - clusterroles
    verbs:
      - bind
  - apiGroups:
      - keda.sh
    resources:
      - scaledjobs
      - scaledobjects
      - scaledjobs/finalizers
      - scaledjobs/status
      - triggerauthentications
      - triggerauthentications/status
    verbs:
      - '*'
  - apiGroups:
      - keda.k8s.io
    resources:
      - scaledjobs
      - scaledobjects
      - scaledjobs/finalizers
      - scaledjobs/status
      - triggerauthentications
      - triggerauthentications/status
    verbs:
      - '*'
  - apiGroups:
      - metrics.k8s.io
    resources:
      - pods
    verbs:
      - get
      - list
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: fission-v1-18-0-fission-controller-cr-admin
subjects:
  - kind: ServiceAccount
    name: fission-controller
    namespace: fission
roleRef:
  kind: ClusterRole
  name: fission-v1-18-0-fission-cr-admin
  apiGroup: rbac.authorization.k8s.io
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: fission-v1-18-0-fission-buildermgr-cr-admin
subjects:
  - kind: ServiceAccount
    name: fission-buildermgr
    namespace: fission
roleRef:
  kind: ClusterRole
  name: fission-v1-18-0-fission-cr-admin
  apiGroup: rbac.authorization.k8s.io
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: fission-v1-18-0-fission-executor-cr-admin
subjects:
  - kind: ServiceAccount
    name: fission-executor
    namespace: fission
roleRef:
  kind: ClusterRole
  name: fission-v1-18-0-fission-cr-admin
  apiGroup: rbac.authorization.k8s.io
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: fission-v1-18-0-fission-fluentbit-cr-admin
subjects:
  - kind: ServiceAccount
    name: fission-fluentbit
    namespace: fission
roleRef:
  kind: ClusterRole
  name: fission-v1-18-0-fission-cr-admin
  apiGroup: rbac.authorization.k8s.io
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: fission-v1-18-0-fission-kafka-cr-admin
subjects:
  - kind: ServiceAccount
    name: fission-kafka
    namespace: fission
roleRef:
  kind: ClusterRole
  name: fission-v1-18-0-fission-cr-admin
  apiGroup: rbac.authorization.k8s.io
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: fission-v1-18-0-fission-keda-cr-admin
subjects:
  - kind: ServiceAccount
    name: fission-keda
    namespace: fission
roleRef:
  kind: ClusterRole
  name: fission-v1-18-0-fission-cr-admin
  apiGroup: rbac.authorization.k8s.io
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: fission-v1-18-0-fission-kubewatcher-cr-admin
subjects:
  - kind: ServiceAccount
    name: fission-kubewatcher
    namespace: fission
roleRef:
  kind: ClusterRole
  name: fission-v1-18-0-fission-cr-admin
  apiGroup: rbac.authorization.k8s.io
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: fission-v1-18-0-fission-router-cr-admin
subjects:
  - kind: ServiceAccount
    name: fission-router
    namespace: fission
roleRef:
  kind: ClusterRole
  name: fission-v1-18-0-fission-cr-admin
  apiGroup: rbac.authorization.k8s.io
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: fission-v1-18-0-fission-storagesvc-cr-admin
subjects:
  - kind: ServiceAccount
    name: fission-storagesvc
    namespace: fission
roleRef:
  kind: ClusterRole
  name: fission-v1-18-0-fission-cr-admin
  apiGroup: rbac.authorization.k8s.io
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: fission-v1-18-0-fission-timer-cr-admin
subjects:
  - kind: ServiceAccount
    name: fission-timer
    namespace: fission
roleRef:
  kind: ClusterRole
  name: fission-v1-18-0-fission-cr-admin
  apiGroup: rbac.authorization.k8s.io
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: fission-v1-18-0-fission-webhook-cr-admin
subjects:
  - kind: ServiceAccount
    name: fission-webhook
    namespace: fission
roleRef:
  kind: ClusterRole
  name: fission-v1-18-0-fission-cr-admin
  apiGroup: rbac.authorization.k8s.io
---
```
This is my buildermgr deployment:
```yaml
kind: Deployment
apiVersion: apps/v1
metadata:
  name: buildermgr
  namespace: fission
  labels:
    app.kubernetes.io/managed-by: Helm
    chart: fission-all-v1.18.0
    svc: buildermgr
  annotations:
    deployment.kubernetes.io/revision: '4'
    meta.helm.sh/release-name: fission
    meta.helm.sh/release-namespace: fission
spec:
  replicas: 1
  selector:
    matchLabels:
      svc: buildermgr
  template:
    metadata:
      creationTimestamp: null
      labels:
        svc: buildermgr
      annotations:
        prometheus.io/path: /metrics
        prometheus.io/port: '8080'
        prometheus.io/scrape: 'true'
    spec:
      volumes:
        - name: builder-podspec-patch-volume
          configMap:
            name: builder-podspec-patch
            defaultMode: 420
      containers:
        - name: buildermgr
          image: 'index.docker.io/fission/fission-bundle:v1.18.0'
          command:
            - /fission-bundle
          args:
            - '--builderMgr'
            - '--storageSvcUrl'
            - 'http://storagesvc.fission'
          ports:
            - name: metrics
              containerPort: 8080
              protocol: TCP
          env:
            - name: FETCHER_IMAGE
              value: 'fission/fetcher:v1.18.0'
            - name: FETCHER_IMAGE_PULL_POLICY
              value: IfNotPresent
            - name: BUILDER_IMAGE_PULL_POLICY
              value: IfNotPresent
            - name: FISSION_BUILDER_NAMESPACE
              value: fission-builder
            - name: FISSION_FUNCTION_NAMESPACE
              value: fission-function
            - name: FISSION_DEFAULT_NAMESPACE
              value: default
            - name: ENABLE_ISTIO
              value: 'false'
            - name: FETCHER_MINCPU
              value: 10m
            - name: FETCHER_MINMEM
              value: 16Mi
            - name: FETCHER_MAXCPU
            - name: FETCHER_MAXMEM
            - name: DEBUG_ENV
              value: 'false'
            - name: PPROF_ENABLED
              value: 'false'
            - name: HELM_RELEASE_NAME
              value: fission
            - name: FISSION_RESOURCE_NAMESPACES
              value: default
            - name: OTEL_EXPORTER_OTLP_ENDPOINT
            - name: OTEL_EXPORTER_OTLP_INSECURE
              value: 'true'
            - name: OTEL_TRACES_SAMPLER
              value: parentbased_traceidratio
            - name: OTEL_TRACES_SAMPLER_ARG
              value: '0.1'
            - name: OTEL_PROPAGATORS
              value: 'tracecontext,baggage'
          resources: {}
          volumeMounts:
            - name: builder-podspec-patch-volume
              readOnly: true
              mountPath: /etc/fission/builder-podspec-patch.yaml
              subPath: builder-podspec-patch.yaml
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          imagePullPolicy: IfNotPresent
      restartPolicy: Always
      terminationGracePeriodSeconds: 30
      dnsPolicy: ClusterFirst
      serviceAccountName: fission-buildermgr
      serviceAccount: fission-buildermgr
      securityContext:
        runAsUser: 10001
        runAsGroup: 10001
        runAsNonRoot: true
        fsGroup: 10001
      schedulerName: default-scheduler
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 25%
      maxSurge: 25%
  revisionHistoryLimit: 10
  progressDeadlineSeconds: 600
```
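
The ClusterRole posted above is bound unchanged to eleven service accounts, so every rule in it applies cluster-wide to each Fission component. As an added example (not part of the original post and not Fission project code), this standard-library Python check flags the rules that go beyond what a list/watch needs; `RULES` is a constructed subset of the posted manifest, and the function name and severity labels are assumptions.

```python
# Added example: static audit of RBAC rules before applying them.
# RULES is a constructed subset of the ClusterRole posted above.
RULES = [
    {"apiGroups": [""], "resources": ["configmaps", "pods", "secrets", "services"],
     "verbs": ["create", "delete", "get", "list", "watch", "patch"]},
    {"apiGroups": ["fission.io"], "resources": ["environments", "packages"],
     "verbs": ["*"]},
    {"apiGroups": ["rbac.authorization.k8s.io"], "resources": ["rolebindings"],
     "verbs": ["*"]},
    {"apiGroups": ["rbac.authorization.k8s.io"], "resources": ["clusterroles"],
     "verbs": ["bind"]},
    {"apiGroups": ["batch"], "resources": ["jobs"], "verbs": ["get", "list", "watch"]},
]

READ_VERBS = {"get", "list", "watch", "*"}


def audit(rules, cluster_scoped=True):
    """Return sorted (severity, group/resource, reason) findings.

    cluster_scoped=True models a ClusterRoleBinding (as in the post);
    False models the same rules granted through a namespaced RoleBinding.
    """
    findings = set()
    writes_bindings = can_bind = False
    for rule in rules:
        verbs = set(rule["verbs"])
        for group in rule["apiGroups"]:
            for res in rule["resources"]:
                name = f"{group or 'core'}/{res}"
                if "*" in verbs:
                    findings.add(("medium", name, "wildcard verbs"))
                if res == "secrets" and cluster_scoped and verbs & READ_VERBS:
                    findings.add(("high", name, "reads secrets in every namespace"))
                if res == "rolebindings" and verbs & {"create", "*"}:
                    writes_bindings = True
                if res == "clusterroles" and verbs & {"bind", "*"}:
                    can_bind = True
    # 'bind' on clusterroles plus create on rolebindings lets the subject
    # hand out roles whose permissions it does not itself hold.
    if writes_bindings and can_bind:
        findings.add(("high", "rbac.authorization.k8s.io/rolebindings",
                      "can grant any ClusterRole via a RoleBinding"))
    return sorted(findings)


if __name__ == "__main__":
    for severity, resource, reason in audit(RULES):
        print(f"{severity:6} {resource:45} {reason}")
```

Running the same rules with `cluster_scoped=False` shows which findings disappear when the grant is made per namespace with a Role and RoleBinding instead of a ClusterRoleBinding.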