shinyproxy-operator icon indicating copy to clipboard operation
shinyproxy-operator copied to clipboard

Published 20 hours ago verified publisher icon openanalytics

Service account roles pods/log

Open nik-humphries opened this issue 9 months ago • 1 comments

Upon updating to the new SPO + SP (2.1.0 / 3.1.0) I was receiving the following message on Kubernetes.

2024-05-15T12:35:56.237700027Z io.fabric8.kubernetes.client.KubernetesClientException: Failure executing: GET at: https://10.0.0.1:443/api/v1/namespaces/apps/pods/sp-pod-9d680476-03ac-42a8-b851-28b801c61659-0/log?pretty=false. Message: pods "sp-pod-9d680476-03ac-42a8-b851-28b801c61659-0" is forbidden: User "system:serviceaccount:apps:shinyproxy-sa" cannot get resource "pods/log" in API group "" in the namespace "apps"

https://github.com/openanalytics/shinyproxy-operator/blob/977dccb01d7c9ac662dab7fc3a518d9c93ec1bef/docs/deployment/bases/shinyproxy/resources/shinyproxy.rbac.yaml#L11

I have added a permission into the role at the line above here to include pods/log as well as the other two that are already there.

Is this missing from the deployment example or is there something else I should be changing?

nik-humphries avatar May 15 '24 13:05 nik-humphries