search

koli / kong-ingress

[DEPRECATED] A Kubernetes Ingress for Kong
Other
93 stars 14 forks source link

thirdpartyresources.extensions issue #29

Closed arundeepkurni closed 6 years ago

arundeepkurni commented 6 years ago

while kube-ingress deploy, throwing below error: F1130 22:55:42.706514 1 main.go:139] failed creating domains TPR: thirdpartyresources.extensions is forbidden: User "system:serviceaccount:kong-system:default" cannot create thirdpartyresources.extensions at the cluster scope

k8s V1.8, thirdpartyresources.extensions are removed @ https://kubernetes.io/docs/tasks/access-kubernetes-api/extend-api-third-party-resource/

sandromello commented 6 years ago

Hello, Have you tried a more recent release? https://github.com/koli/kong-ingress/releases/tag/v0.3.0-alpha

arundeepkurni commented 6 years ago

after upgrading https://github.com/koli/kong-ingress/releases/tag/v0.3.0-alpha, getting below error:

I1202 05:04:24.940924 1 main.go:127] Kong Version: v0.11.2 F1202 05:04:24.947443 1 main.go:140] failed creating domains TPR: customresourcedefinitions.apiextensions.k8s.io is forbidden: User "system:serviceaccount:kong-system:default" cannot create customresourcedefinitions.apiextensions.k8s.io at the cluster scope

sandromello commented 6 years ago

I'm going to improve the documentation later and add RBAC examples for this controller.

With the following cluster role and cluster role binding the controller will work:

apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
  name: kong-ingress-controller
rules:
- apiGroups:
  - platform.koli.io
  resources:
  - domains
  verbs:
  - "*"
- apiGroups:
  - apiextensions.k8s.io
  resources:
  - customresourcedefinitions
  verbs:
  - "*"
- apiGroups:
  - ""
  resources:
  - services
  - events
  verbs:
  - "*"
- apiGroups:
  - extensions
  - apps
  resources:
  - ingresses
  verbs:
  - get
  - list
  - watch
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: kong-ingress-controller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: kong-ingress-controller
subjects:
- kind: ServiceAccount
  name: default
  namespace: kong-system

Let me know if you have any problems.

arundeepkurni commented 6 years ago

solved my problem, thank you. looking for doc changes.