Open chaosi-zju opened 1 hour ago
/assign chaosi-zju
cc @zhzhuang-zju please help confirm that this is indeed a problem.
Refer to other installation method, operator missed two rbac config:
Without these two RBAC configurations, the user system:admin
will not have permission to access cluster.karmada.io
. As a result, the kubeconfig
used by karmadactl
will not be able to access member clusters.
I think this is an omission during the installation of the Karmada instance by the Karmada operator. Do you have any ideas to resolve this?
yes, I raised a PR https://github.com/karmada-io/karmada/pull/5572 to resolve it
What happened:
I have a karmada control plane installed by karmada-operator and it has joined a member cluster (member1). When I execute the command
karmadactl --operation-scope members
, it failed with following error message:What you expected to happen:
The result should be like this:
How to reproduce it (as minimally and precisely as possible):
Anything else we need to know?:
Refer to other installation method, operator missed two rbac config:
cluster-proxy-admin
```yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: creationTimestamp: "2024-09-19T08:22:24Z" labels: karmada.io/system: "true" name: cluster-proxy-admin resourceVersion: "282" uid: 1561fe60-eec6-405d-a981-0a9ca417c09d rules: - apiGroups: - cluster.karmada.io resources: - clusters/proxy verbs: - '*' --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: creationTimestamp: "2024-09-19T08:22:24Z" labels: karmada.io/system: "true" name: cluster-proxy-admin resourceVersion: "283" uid: ddebc2b0-2ead-4fca-bf8e-40d6634b5d8f roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-proxy-admin subjects: - apiGroup: rbac.authorization.k8s.io kind: User name: system:admin ```when this two rbac config applied to karmada, the issue gone.
Environment:
kubectl-karmada version
orkarmadactl version
):