search

datawire / ambassador-chart

Helm Chart for Installing Ambassador
42 stars 60 forks source link

enableAES false leads to RBAC errors #187

Closed wiegandf closed 3 years ago

wiegandf commented 3 years ago

I am using helm chart verson 6.5.13 with ambassador 1.9.1.

Setting enableAES to false shows the following errors in ambassador:

E0317 13:37:10.849199      94 leaderelection.go:320] error retrieving resource lock api-gateway/kale: leases.coordination.k8s.io "kale" is forbidden: User "system:serviceaccount:api-gateway:ambassador" cannot get resource "leases" in API group "coordination.k8s.io" in the namespace "api-gateway"

Looks like this permission https://github.com/datawire/ambassador-chart/blob/a910174bd9ca252056fa30c72b6374f750490d1c/templates/rbac.yaml#L51 is still required. But what makes ambassador still trying to retrieve resource-locks, shouldn't it be disabled when enableAES is false?

wiegandf commented 3 years ago

Was using the aes image...... Sorry for opening the issue