Closed arundeepkurni closed 6 years ago
Hello, Have you tried a more recent release? https://github.com/koli/kong-ingress/releases/tag/v0.3.0-alpha
after upgrading https://github.com/koli/kong-ingress/releases/tag/v0.3.0-alpha, getting below error:
I1202 05:04:24.940924 1 main.go:127] Kong Version: v0.11.2 F1202 05:04:24.947443 1 main.go:140] failed creating domains TPR: customresourcedefinitions.apiextensions.k8s.io is forbidden: User "system:serviceaccount:kong-system:default" cannot create customresourcedefinitions.apiextensions.k8s.io at the cluster scope
I'm going to improve the documentation later and add RBAC examples for this controller.
With the following cluster role and cluster role binding the controller will work:
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: kong-ingress-controller
rules:
- apiGroups:
- platform.koli.io
resources:
- domains
verbs:
- "*"
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- "*"
- apiGroups:
- ""
resources:
- services
- events
verbs:
- "*"
- apiGroups:
- extensions
- apps
resources:
- ingresses
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: kong-ingress-controller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: kong-ingress-controller
subjects:
- kind: ServiceAccount
name: default
namespace: kong-system
Let me know if you have any problems.
solved my problem, thank you. looking for doc changes.
while kube-ingress deploy, throwing below error: F1130 22:55:42.706514 1 main.go:139] failed creating domains TPR: thirdpartyresources.extensions is forbidden: User "system:serviceaccount:kong-system:default" cannot create thirdpartyresources.extensions at the cluster scope
k8s V1.8, thirdpartyresources.extensions are removed @ https://kubernetes.io/docs/tasks/access-kubernetes-api/extend-api-third-party-resource/