Open joshuasimon-taulia opened 3 years ago
I definitely think this is worth documenting. We've held off on a list of RBAC resources because krane will deploy/prune anything you give it so there isn't really isn't a list of short of *
that would work for everyone.
Would you be willing to PR something to our docs?
We just hit this issue too, with a user updating to 2.1.7. Maybe worth mentioning our finds on the way here, that k8s rejected adding this permisssion to the standard discovery role https://github.com/kubernetes/kubernetes/issues/45366 (we weren't sure if krane now targeted a newer k8s than we use, 1.16), and that the need for this to be documented was also mentioned in https://github.com/Shopify/krane/pull/778#issuecomment-778328751 (mentioning this to link the issues)
Not sure if this issue is still active here, but I'm currently encountering the same error using krane 3.4.0 deploying to AWS EKS with a service account: Error from server (Forbidden): forbidden: User "circleci.com" cannot get path "/"
Would anyone be able to clarify which permission needs to be added to the AWS user or role to resolve the issue? Thanks in advance.
Bug report
starting in krane 2.1.6, my k8s sa is hitting permissions issues.
krane deploy
works fine in 2.1.5Expected behavior:
Actual behavior:
Version(s) affected: 2.1.6
Steps to Reproduce
krane deploy staging staging --no-prune -f output/my-charttemplates/
This is RBAC for my k8s SA
I have also tried giving the k8s SA
Feature request
Proposal: Document the addional RBAC required by krane 2.1.6