search

coder / coder-logstream-kube

Stream Kubernetes Pod events to the Coder startup logs
GNU Affero General Public License v3.0
10 stars 4 forks source link

logstream-kube does not default to watching all namespacs #28

Closed ericpaulsen closed 1 week ago

ericpaulsen commented 4 weeks ago

v0.0.9-rc.0 - use-case: one logstream-kube deployment watching pods in multiple namespaces.

if the namespace value is unset, logstream-kube should default to watching pods in all namespaces (assuming the proper permissions). this is not currently the case. my values, installed in the coder namespace:

USER-SUPPLIED VALUES:
url: https://eric-aks.demo.coder.com

my workspace is running in the coder-workspaces namespace, with the following role and rolebinding deployed:

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: coder-logstream-kube-role
rules:
- apiGroups: [""]
  resources: ["pods", "events"]
  verbs: ["get", "watch", "list"]
- apiGroups: ["apps"]
  resources: ["replicasets", "events"]
  verbs: ["get", "watch", "list"]

---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: coder-logstream-kube-rolebinding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: coder-logstream-kube-role
subjects:
- kind: ServiceAccount
  name: coder-logstream-kube
  namespace: coder
matifali commented 1 week ago

Possibly a duplicate of #5