From d60ae22197729f09e72c082dace6356ee4475bc7 Mon Sep 17 00:00:00 2001 From: Jack Cowey Date: Tue, 12 Jan 2021 10:13:10 +0000 Subject: [PATCH] RBAC fixes --- config/rbac/role.yaml | 6 ++++-- examples/02-deploy.yml | 1 + 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index 0d21285..73dd489 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -10,6 +10,7 @@ rules: - apiGroups: - "" - extensions + - networking.k8s.io resources: - secrets - services @@ -17,7 +18,7 @@ rules: - pods/exec - pods/log - persistentvolumeclaims - - networking.k8s.io + - ingresses verbs: - "*" - apiGroups: @@ -27,7 +28,6 @@ rules: - daemonsets - replicasets - statefulsets - - ingresses verbs: - create - delete @@ -53,3 +53,5 @@ rules: - patch - update - watch +E0112 10:06:00.410573 7 reflector.go:127] pkg/mod/k8s.io/client-go@v0.19.4/tools/cache/reflector.go:156: Failed to watch networking.k8s.io/v1, Kind=Ingress: failed to list networking.k8s.io/v1, Kind=Ingress: ingresses.networking.k8s.io is forbidden: User "system:serviceaccount:ghost-system:default" cannot list resource "ingresses" in API group "networking.k8s.io" at the cluster scope +E0112 10:07:19.998385 7 reflector.go:127] pkg/mod/k8s.io/client-go@v0.19.4/tools/cache/reflector.go:156: Failed to watch networking.k8s.io/v1, Kind=Ingress: failed to list networking.k8s.io/v1, Kind=Ingress: ingresses.networking.k8s.io is forbidden: User "system:serviceaccount:ghost-system:default" cannot list resource "ingresses" in API group "networking.k8s.io" at the cluster scope \ No newline at end of file diff --git a/examples/02-deploy.yml b/examples/02-deploy.yml index 85c20e0..14a725e 100644 --- a/examples/02-deploy.yml +++ b/examples/02-deploy.yml @@ -83,6 +83,7 @@ rules: - apiGroups: - "" - extensions + - networking.k8s.io resources: - secrets - services