search

Twingate / kubernetes-operator

Twingate Kubernetes Operator allows configuring Twingate using Kubernetes assets - OSS
https://www.twingate.com
Mozilla Public License 2.0
19 stars 1 forks source link

Using the Operator with annotations have some problems #269

Closed ErezWeiss closed 2 months ago

ErezWeiss commented 2 months ago

Hi I use the newest operator and try to create resources with annotations. At first, I added the: twingate.com/resource: 'true' annotation and got:

cannot patch resource "services/status" in API group "" in the namespace "namespace"', 'reason': 'Forbidden'

So I added services/status manually to the clusterRole.

Then I got:

cannot create resource \"twingateresources\" in API group \"twingate.com\" in the namespace \"namespace\"","reason":"Forbidden"

So I added 'create' manually to the clusterRole.

Then the resource was created. Alias works fine.

When I tried to add isVisible annotation, I got:

spec.isVisible: Invalid value: \\\"string\\\": spec.isVisible in body must be of type boolean

but k8s doesn't let you enter a non-string value in annotations. Both "False" and "false" didn't work.

Please kindly fix it. Thanks!

linear[bot] commented 2 months ago

OSS-32 Using the Operator with annotations have some problems

ErezWeiss commented 2 months ago

My changes so far:

  # Application
  - apiGroups: [twingate.com]
    resources: [twingateresources, twingateresourceaccesses, twingateconnectors]
    verbs: [list, watch, patch, get, create]

  - apiGroups: ["*"]
    resources: [pods, services, secrets, services/status]
    verbs: [list, watch, patch, get, create, delete]
ekampf commented 2 months ago

Thanks @ErezWeiss ! Pushed a fix and will release 0.10.1 ASAP

ekampf commented 2 months ago

@ErezWeiss FYI 0.10.1 is out

ErezWeiss commented 2 months ago

@ekampf Thanks!!