Closed joshbenner closed 6 years ago
I can reproduce this error using f5-sdk when I try to set pool metadata. Is there an additional configuration required so that Manager role can set metadata?
The manager role is not allowed to set metadata. I believe you must use the Resource Administrator or Administrator role to do this. I believe the guidance for all our controllers is that the user account must have the admin role.
@russokj Documentation suggested Manager should work for Nodeport mode. Updates may be needed there.
Okay. I'll open up an issue for the docs. The last release added a feature to add the controller name and version to the metadata field which required us to remove the support of the Manager role across all controllers.
Description
What I did:
kube01.lab
partitionkube01.lab
user with Manager role inkube01.lab
partitionWhat happened: k8s-bigip-ctlr attempts and fails to configure the BIG-IP with Access Denied error.
I have confirmed that the user can create pools by using iControl REST API via f5-sdk with this user to create a pool in the above partition.
Kubernetes Version
v1.8.4+coreos.0
Controller Version
1.5.1
BIG-IP Version
12.1.3
Diagnostic Information
k8s-bigip-ctlr log: