Closed naeemrashid closed 5 years ago
jackhaibo
commented
5 years ago I also fail with
F1016 14:11:08.905463 8 main.go:108] failed to create election: endpoints "example" is forbidden: User "system:serviceaccount:default:default" cannot get endpoints in the namespace "default"
yeswanthmenni
commented
5 years ago `apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding metadata: name: fabric8-rbac subjects:
This helped me.. In my case am using different namespace to create endpoint / using leader elector there. Modifined according to my requirement. But if we want default namespace .. we can use above YAML.
Source : https://github.com/fabric8io/fabric8/issues/6840#issuecomment-307560275
naeemrashid
commented
5 years ago using cluster-admin is not a recommend approach, I have added RBAC rules for endpoints to get it working.
apiVersion: v1
kind: ServiceAccount
metadata:
name: leader-elector
namespace: default
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: leader-elector
rules:
- apiGroups:
- ""
- "extensions"
resources:
- endpoints
verbs:
- create
- delete
- get
- patch
- update
resources:
- namespaces
verbs:
- get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: leader-elector
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: leader-elector
subjects:
- kind: ServiceAccount
# note: the cluster role binding needs to be defined
# for every namespace the operator service account lives in.
name: leader-elector
namespace: default
I tried to run leader elector but failing with
crashLoopbackOff. Logs show the output ofIs this something related to RBAC.
kubernetes version: v1.10.0