[YUNIKORN-1775] Admission cluster role doesn't have enough permission to run admission - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 1.3.0
Component/s: shim - kubernetes
Labels:
- pull-request-available

Target Version:

1.3.0

Description

Deploy the admission-controller with YAML files in yunikorn-k8shim:

kubectl create namespace yunikorn
kubectl apply -f deployments/scheduler/admission-controller-rbac.yaml --namespace yunikorn
kubectl apply -f deployments/scheduler/admission-controller-secrets.yaml --namespace yunikorn
kubectl apply -f deployments/scheduler/admission-controller.yaml --namespace yunikorn

We will get errors in the yunikorn-admission-controller pod.

E0531 12:36:25.095445       1 reflector.go:138] pkg/mod/k8s.io/client-go@v0.23.14/tools/ca
che/reflector.go:167: Failed to watch *v1.Namespace: failed to list *v1.Namespace: namespa
ces is forbidden: User "system:serviceaccount:yunikorn:yunikorn-admission-controller" cann
ot list resource "namespaces" in API group "" at the cluster scope

Attachments

Issue Links

is related to

YUNIKORN-1779 Deduplicate the deployment files

Open

relates to

YUNIKORN-1698 Missing namespace permissions for admission controller

Closed

links to

GitHub Pull Request #606

Activity

People

Assignee:: PoAn Yang

Reporter:: PoAn Yang

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 31/May/23 12:39

Updated:: 20/Jun/23 14:41

Resolved:: 31/May/23 14:18

Time Tracking

Estimated:

24h

Remaining:

24h

Logged:

Not Specified