Open antonmatsiuk opened 5 years ago
jcmoraisjr
commented
5 years ago Hi, it sounds you didn't create the cluster role binding which give all the permissions needed to the controller do its job. Actually there isn't a doc that say how to configure rbac to work on a single namespace - I'll label this issue and leave it open so this won't be forgotten.
antonmatsiuk
commented
5 years ago @jcmoraisjr Thank you, the problem was that ClusterRoleBinding was corrupted by an ingress in another namespace. Documentation on a multi-namespace ingress instantiation would be highly appreciated.
swapnilgawade16
commented
5 years ago Hi, it sounds you didn't create the cluster role binding which give all the permissions needed to the controller do its job. Actually there isn't a doc that say how to configure rbac to work on a single namespace - I'll label this issue and leave it open so this won't be forgotten.
I am trying to configure rbac to work in single namespace without using ClusterRole or ClusterRoleBinding. I am facing issue where haproxy ingress keeps throwing errors "cannot list [RESOURCES] at the cluster scope". I have added --watch-namespace still why is ingress trying to get cluster resources. Can you please provide a document that shows how to configure rbac with single namespace without using ClusterRole ? It would be really helpful. Thanks
jcmoraisjr
commented
3 years ago @swapnil1988 the "list resource at cluster scope issue" should be fixed since #578 and should be working fine on v0.10. If you have any problem please file a new issue with controller version, configurations and behavior.
After restarting kubernetes nodes HaProxy ingress was not able to access Ingress backends (503 HTTP Error). haproxy-ingress logs gave following errors (HaProxy is deployed in "monitoring" namespace):
Fixed by allowing "list" verb for "Pods" resource in "ingress-controller" Role in corresponding namespace.
Runtime: PhotonOS 4.9.130-2.ph2-esx kubernetes v1.11.1 Docker version 17.06.0-ce