github.com/pachyderm/pachyderm@v1.13.4/etc/kubernetes-kafka/2rbac-namespace-default/node-reader.yml (about)

     # RBAC that lets the default ServiceAccount of the kafka namespace read
     # Node objects. Per the log excerpt below, the init-config container
     # runs `kubectl get node` to look up the node's zone label.
     #
     # How to tell whether the init containers are blocked by missing RBAC:
     #
     #   $ kubectl -n kafka exec kafka-0 -- cat /etc/kafka/server.properties | grep broker.rack
     #   #init#broker.rack=# zone lookup failed, see -c init-config logs
     #   $ kubectl -n kafka logs -c init-config kafka-0
     #   ++ kubectl get node some-node '-o=go-template={{index .metadata.labels "failure-domain.beta.kubernetes.io/zone"}}'
     #   Error from server (Forbidden): User "system:serviceaccount:kafka:default" cannot get nodes at the cluster scope.: "Unknown user \"system:serviceaccount:kafka:default\""
     #
---
# Cluster-scoped role. Nodes are not namespaced, so a namespaced Role cannot
# grant access to them.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: node-reader
  labels:
    origin: github.com_Yolean_kubernetes-kafka
rules:
  # Read-only and single-object: only `get` on `nodes` in the core ("") API
  # group. No list/watch and no write verbs are granted.
  - apiGroups:
      - ""
    resources:
      - nodes
    verbs:
      - get
---
# Attaches node-reader to a ServiceAccount. roleRef is immutable once the
# binding exists; pointing it at another role means delete and recreate.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kafka-node-reader
  labels:
    origin: github.com_Yolean_kubernetes-kafka
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: node-reader
subjects:
  # NOTE(review): the subject is the namespace's `default` ServiceAccount, so
  # every pod in `kafka` that does not set its own serviceAccountName receives
  # this grant, not only the broker pods. A dedicated ServiceAccount would
  # narrow it, but the workload manifests would have to reference it; they
  # are not part of this file.
  - kind: ServiceAccount
    name: default
    namespace: kafka