github.com/pachyderm/pachyderm@v1.13.4/etc/kubernetes-kafka/2rbac-namespace-default/pod-labeler.yml

github.com/pachyderm/pachyderm@v1.13.4/etc/kubernetes-kafka/2rbac-namespace-default/pod-labeler.yml (about)

     1  # To see if init containers need RBAC:
     2  #
     3  # $ kubectl -n kafka logs kafka-2 -c init-config
     4  # ...
     5  # Error from server (Forbidden): pods "kafka-2" is forbidden: User "system:serviceaccount:kafka:default" cannot get pods in the namespace "kafka": Unknown user "system:serviceaccount:kafka:default"
     6  #
     7  ---
     8  kind: Role
     9  apiVersion: rbac.authorization.k8s.io/v1
    10  metadata:
    11    name: pod-labler
    12    namespace: kafka
    13    labels:
    14      origin: github.com_Yolean_kubernetes-kafka
    15  rules:
    16  - apiGroups:
    17    - ""
    18    resources:
    19    - pods
    20    verbs:
    21    - get
    22    - update
    23    - patch
    24  ---
    25  kind: RoleBinding
    26  apiVersion: rbac.authorization.k8s.io/v1
    27  metadata:
    28    name: kafka-pod-labler
    29    namespace: kafka
    30    labels:
    31      origin: github.com_Yolean_kubernetes-kafka
    32  roleRef:
    33    apiGroup: rbac.authorization.k8s.io
    34    kind: Role
    35    name: pod-labler
    36  subjects:
    37  - kind: ServiceAccount
    38    name: default
    39    namespace: kafka