-
Notifications
You must be signed in to change notification settings - Fork 805
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
controller-manager can't access RemoteCluster due to namespaced role #4417
Comments
Hi @miedzinski , It's better to create another role and cluster role biding for the CRD RemoteCluster. Could you help us to improve it? |
miedzinski
added a commit
to miedzinski/chaos-mesh
that referenced
this issue
May 14, 2024
miedzinski
added a commit
to miedzinski/chaos-mesh
that referenced
this issue
May 14, 2024
miedzinski
added a commit
to miedzinski/chaos-mesh
that referenced
this issue
May 14, 2024
…s-mesh#4417) Signed-off-by: Dominik Miedziński <dominik.miedzinski@allegro.com>
10 tasks
You're right. There is a ClusterRole for that chaos-mesh/helm/chaos-mesh/templates/controller-manager-rbac.yaml Lines 70 to 91 in 6411f53
so it could be added there. Submitted #4419. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Bug Report
What version of Kubernetes are you using?
v1.25.16
What version of Chaos Mesh are you using?
2.6.3
What did you do? / Minimal Reproducible Example
Updated from Helm chart with
clusterScoped: false
.What did you expect to see?
Chaos Mesh should apply chaos.
What did you see instead?
Output of chaosctl
The cause is that Helm creates role binding chaos-controller-manager-target-namespace as namespaced RoleBinding, but RemoteCluster isn't namespaced (has
scope: Cluster
). As a fix we should always create ClusterRoleBinding here:chaos-mesh/helm/chaos-mesh/templates/controller-manager-rbac.yaml
Lines 158 to 162 in 6411f53
The text was updated successfully, but these errors were encountered: