-
Notifications
You must be signed in to change notification settings - Fork 8.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix #798 - RBAC for leader election #804
Conversation
Thanks for your pull request. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). 📝 Please follow instructions at https://github.com/kubernetes/kubernetes/wiki/CLA-FAQ to sign the CLA. It may take a couple minutes for the CLA signature to be fully registered; after that, please reply here with a new comment and we'll verify. Thanks.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
I have now signed the agreement. |
Changes Unknown when pulling 1ff0191 on weitzj:fix/798 into ** on kubernetes:master**. |
Changes Unknown when pulling cfef998 on weitzj:fix/798 into ** on kubernetes:master**. |
@weitzj this LGTM but I think you should add a comment indicating that the name of the configmap can change if the flag https://github.com/kubernetes/ingress/blob/master/core/pkg/ingress/controller/launch.go#L87 |
@aledbf I did add a comment and updated the README. If this is fine with you, I will squash my branch and force-push. |
Changes Unknown when pulling b84c9b4 on weitzj:fix/798 into ** on kubernetes:master**. |
@weitzj please squash so we can merge this PR. Thanks! |
@@ -64,14 +64,27 @@ rules: | |||
- apiGroups: | |||
- "" | |||
resources: | |||
- configmaps |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If nginx is configured with a configmap for custom configuration we need to be able to read that, too.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok. Then I will readd the old get
for configmap as was present before this PR and just add the new readwrite configmap for the resourceName
Using gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.7 the nginx-controller needs to handle leader-election via configmaps. To perform the leader-election the nginx-controller needs to have the appropiate RBAC permissions. Previously to this fix, the following errors occured: - cannot get configmaps in the namespace "NAMESPACE_PLACEHOLDER". (get configmaps ingress-controller-leader-nginx) - initially creating leader election record: User "system:serviceaccount:NAMESPACE_PLACEHOLDER" cannot create configmaps in the namespace "NAMESPACE_PLACEHOLDER". (post configmaps)
|
Changes Unknown when pulling 3ad6fa8 on weitzj:fix/798 into ** on kubernetes:master**. |
/lgtm |
@weitzj thanks! |
Fixes: #798
Using gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.7
the nginx-controller needs to handle leader-election via configmaps.
To perform the leader-election the nginx-controller needs to have the
appropiate RBAC permissions.
Previously to this fix, the following errors occured:
cannot get configmaps in the namespace "NAMESPACE_PLACEHOLDER". (get configmaps ingress-controller-leader-nginx)
initially creating leader election record: User "system:serviceaccount:NAMESPACE_PLACEHOLDER" cannot create configmaps in the namespace "NAMESPACE_PLACEHOLDER". (post configmaps)
And another error message concerning
update
(I do not have the logs any more)Related to: