Closed davidjumani closed 3 years ago
@onitake @joschi36 Can you review ?
Can use the image over at davidjumani/cloudstack-kubernetes-provider:k-v1.18.18
Thanks
@rhtyd Added docker builds to travis. Unit tests are needed which is tracked in https://github.com/apache/cloudstack-kubernetes-provider/issues/23
Hey @davidjumani
Can use the image over at davidjumani/cloudstack-kubernetes-provider:k-v1.18.18
Is it possible that it's not build as a non-root container, as I can't start it on my cluster.
Error: failed to start container "cloud-controller-manager": Error response from daemon: OCI runtime create failed: container_linux.go:346: starting container process caused "exec: \"/root/cloudstack-ccm\": stat /root/cloudstack-ccm: permission denied": unknown
@joschi36 I've rebuilt it, can you pull it again and try ? @onitake Reverted the change and will open a separate PR
Thanks, @davidjumani . LGTM from a formal point of view, but please wait for test results from @joschi36 .
Thanks @onitake, we'll wait to hear from @joschi36 on tests
@davidjumani When running in my setup I had to change RBAC rules.
Got this error:
I0503 12:44:20.142166 1 leaderelection.go:247] failed to acquire lease kube-system/cloud-controller-manager
E0503 12:44:23.753152 1 leaderelection.go:324] error retrieving resource lock kube-system/cloud-controller-manager: leases.coordination.k8s.io "cloud-controller-manager" is forbidden: User "system:serviceaccount:kube-system:cloud-controller-manager" cannot get resource "leases" in API group "coordination.k8s.io" in the namespace "kube-system"
Maybe we need to update the ClusterRole as well in the file deployment.yaml. Or even better, create a new Role and RoleBinding limiting this change to only the Namespace.
+- apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - create
+ - update
Sorry for the late review, I'm very busy at the moment.
@joschi36 I think this issue is not tied to the minor version bump, but was introduced with k8s 1.17. I know that you are busy, but could you test the proposed role change and open a separate PR? Or, I could do it if you tell me (via PM) which cluster I can test this on.
Fixes https://github.com/apache/cloudstack-kubernetes-provider/issues/28