Closed johanneswuerbach closed 7 years ago
CLUO examples work on any Kubernetes cluster derived from kubernetes-incubator/bootkube. These clusters require RBAC, but authorize the kube-system namespace as admin, so CLUO works by using the kube-system namespace.
It would be useful to publish minimal RBAC manifests for folks setting up their cluster in a different way or running in a different namespace.
Deploying the operator in a Kubernetes 1.7.3 cluster with RBAC enabled fails without providing an additional service account.
Controller:
error retrieving resource lock kube-system/container-linux-update-operator-lock: User "system:serviceaccount:kube-system:default" cannot get endpoints in the namespace "kube-system". (get endpoints container-linux-update-operator-lock)
Agents:
Error running agent process: failed to set node info: unable to update node "ip-xxx.ec2.internal": failed to get node "ip-xxx.ec2.internal": User "system:serviceaccount:kube-system:default" cannot get nodes at the cluster scope. (get nodes ip-xxx.ec2.internal)
It would be great if the example would also include the required permissions to run this operator.
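An added example, not part of the original issue or the project's own manifests: a small parser that turns RBAC denial messages in the format quoted above into Role/ClusterRole rules granting only the denied verbs. It covers only the denials actually observed in logs, not the operator's complete permission set; the function names, the `observed-denials` role name, and the `denied-subject` annotation are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample input: the two denial messages quoted in the issue.
SAMPLE_LOGS = [
    'error retrieving resource lock kube-system/container-linux-update-operator-lock: User "system:serviceaccount:kube-system:default" cannot get endpoints in the namespace "kube-system". (get endpoints container-linux-update-operator-lock)',
    'Error running agent process: failed to set node info: unable to update node "ip-xxx.ec2.internal": failed to get node "ip-xxx.ec2.internal": User "system:serviceaccount:kube-system:default" cannot get nodes at the cluster scope. (get nodes ip-xxx.ec2.internal)',
]

# Matches the denial wording shown in the issue (Kubernetes 1.7.x format).
DENIAL = re.compile(
    r'User "system:serviceaccount:(?P<sa_ns>[^:"]+):(?P<sa>[^"]+)" cannot '
    r'(?P<verb>\w+) (?P<res>[\w.-]+) '
    r'(?:in the namespace "(?P<ns>[^"]+)"|at the cluster scope)'
)

def denied_rules(lines):
    """Map (service account, namespace or None) -> {(apiGroup, resource): verbs}."""
    grouped = defaultdict(lambda: defaultdict(set))
    for line in lines:
        m = DENIAL.search(line)
        if m is None:
            continue  # not an RBAC denial in the expected format
        resource, _, group = m["res"].partition(".")
        subject = f'{m["sa_ns"]}/{m["sa"]}'
        grouped[(subject, m["ns"])][(group, resource)].add(m["verb"])
    return grouped

def to_manifests(grouped, name="observed-denials"):
    """Build Role/ClusterRole dicts granting exactly the denied verbs."""
    manifests = []
    for (subject, ns), resources in sorted(grouped.items(), key=str):
        meta = {"name": name, "annotations": {"denied-subject": subject}}
        if ns is not None:
            meta["namespace"] = ns
        manifests.append({
            # v1beta1 matches the 1.7.3 cluster in the issue; newer clusters use v1.
            "apiVersion": "rbac.authorization.k8s.io/v1beta1",
            "kind": "Role" if ns else "ClusterRole",
            "metadata": meta,
            "rules": [{"apiGroups": [g], "resources": [r], "verbs": sorted(v)}
                      for (g, r), v in sorted(resources.items())],
        })
    return manifests

if __name__ == "__main__":
    import json
    print(json.dumps(to_manifests(denied_rules(SAMPLE_LOGS)), indent=2))
```

Both denials name the namespace's `default` service account, so the resulting rules are better bound to a dedicated service account for the operator than to `default`, which every pod in the namespace without an explicit account would share.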