Open antonmatsiuk opened 5 years ago
Hi, it sounds you didn't create the cluster role binding which give all the permissions needed to the controller do its job. Actually there isn't a doc that say how to configure rbac to work on a single namespace - I'll label this issue and leave it open so this won't be forgotten.
@jcmoraisjr Thank you, the problem was that ClusterRoleBinding was corrupted by an ingress in another namespace. Documentation on a multi-namespace ingress instantiation would be highly appreciated.
Hi, it sounds you didn't create the cluster role binding which give all the permissions needed to the controller do its job. Actually there isn't a doc that say how to configure rbac to work on a single namespace - I'll label this issue and leave it open so this won't be forgotten.
I am trying to configure rbac to work in single namespace without using ClusterRole or ClusterRoleBinding. I am facing issue where haproxy ingress keeps throwing errors "cannot list [RESOURCES] at the cluster scope". I have added --watch-namespace still why is ingress trying to get cluster resources. Can you please provide a document that shows how to configure rbac with single namespace without using ClusterRole ? It would be really helpful. Thanks
@swapnil1988 the "list resource at cluster scope issue" should be fixed since #578 and should be working fine on v0.10. If you have any problem please file a new issue with controller version, configurations and behavior.
After restarting kubernetes nodes HaProxy ingress was not able to access Ingress backends (503 HTTP Error). haproxy-ingress logs gave following errors (HaProxy is deployed in "monitoring" namespace):
Fixed by allowing "list" verb for "Pods" resource in "ingress-controller" Role in corresponding namespace.
Runtime: PhotonOS 4.9.130-2.ph2-esx kubernetes v1.11.1 Docker version 17.06.0-ce