Closed rohityadavcloud closed 5 months ago
This is possibly already not an issue with ACS 4.18.1 and above that allows end-users to select a public IP in shared network etc. Needs testing, if it's already addressed we close this and update the docs/website; otherwise move this to the next v0.5.0 milestone.
Moving to v0.5.0 since this is a new feature and we are only prioritizing vital bugfixes for v0.4.9
The Kubernetes project currently lacks enough contributors to adequately respond to all issues.
This bot triages un-triaged issues according to the following rules:
lifecycle/stale is applied
lifecycle/stale was applied, lifecycle/rotten is applied
lifecycle/rotten was applied, the issue is closed
You can:
/remove-lifecycle stale
/close
Please send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle stale
cc @kiranchavala @vishesh92 @weizhouapache to advise if this is still applicable/relevant? Or can a normal user account also use CAPC without any issues?
@rohityadavcloud I will do a quick test and update you
No issue when deploying a CAPC cluster as a domain admin
Failed to deploy a CAPC cluster as a regular user
E0322 14:54:15.732481 1 controller.go:326] "msg"="Reconciler error" "error"="parsing ACSEndpoint secret with ref: {cloudstack-credentials-user default}: resolving account ACSUser details: resolving domain details: CloudStack API error 432 (CSExceptionErrorCode: 9999): The API [listDomains] does not exist or is not available for the account Account [{\"accountName\":\"ACSUser\",\"id\":4,\"uuid\":\"d744ea6d-45ca-4b4f-aee7-1b057d5ccb8f\"}]." "cloudStackFailureDomain"={"name":"590ec016fd8ebae981d65adf1e7306e8","namespace":"default"} "controller"="cloudstackfailuredomain" "controllerGroup"="infrastructure.cluster.x-k8s.io" "controllerKind"="CloudStackFailureDomain" "name"="590ec016fd8ebae981d65adf1e7306e8" "namespace"="default" "reconcileID"="da10e689-dda1-495e-af9e-a0c0e71d8a8f"
The fix seems simple. cc @rohityadavcloud @vishesh92
It has been mentioned in https://github.com/kubernetes-sigs/cluster-api-provider-cloudstack/blob/main/docs/book/src/topics/cloudstack-permissions.md
The account that CAPC runs under must minimally be a Domain Admin type account with a role offering the following permissions
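Added example, not part of this thread or of CAPC's code: a small Go helper that scans controller log lines for the CloudStack "API not available for the account" error shown above and lists which API calls each account's role is missing, so they can be compared against the permissions document before widening a role. The function names are hypothetical; the first sample line is shortened from the log in this thread and the others are constructed.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
)

// Matches the CloudStack denial message as logged (JSON quotes may be backslash-escaped).
var deniedRe = regexp.MustCompile(`CloudStack API error (\d+) \(CSExceptionErrorCode: \d+\): The API \[(\w+)\] ` +
	`does not exist or is not available for the account Account \[\{\\?"accountName\\?":\\?"([^\\"]+)`)

// Denied is one API call that CloudStack refused for an account.
type Denied struct{ Code, API, Account string }

// ParseDenied extracts the refused call from a log line, or returns false.
func ParseDenied(line string) (Denied, bool) {
	m := deniedRe.FindStringSubmatch(line)
	if m == nil {
		return Denied{}, false
	}
	return Denied{m[1], m[2], m[3]}, true
}

// MissingAPIs returns, per account, the sorted set of API names that were refused.
func MissingAPIs(lines []string) map[string][]string {
	out := map[string][]string{}
	seen := map[string]bool{}
	for _, l := range lines {
		d, ok := ParseDenied(l)
		if !ok || seen[d.Account+"/"+d.API] {
			continue
		}
		seen[d.Account+"/"+d.API] = true
		out[d.Account] = append(out[d.Account], d.API)
	}
	for acct := range out {
		sort.Strings(out[acct])
	}
	return out
}

// Sample input: line 1 shortened from the thread's log; lines 2 and 3 are constructed.
var sampleLines = []string{
	`E0322 14:54:15.732481 1 controller.go:326] "msg"="Reconciler error" "error"="resolving domain details: CloudStack API error 432 (CSExceptionErrorCode: 9999): The API [listDomains] does not exist or is not available for the account Account [{\"accountName\":\"ACSUser\",\"id\":4}]."`,
	`E0322 14:55:02.000000 1 controller.go:326] "msg"="Reconciler error" "error"="CloudStack API error 432 (CSExceptionErrorCode: 9999): The API [listZones] does not exist or is not available for the account Account [{\"accountName\":\"ACSUser\",\"id\":4}]."`,
	`I0322 14:55:03.000000 1 controller.go:120] "msg"="Starting workers" "worker count"=10`,
}

func main() { fmt.Println(MissingAPIs(sampleLines)) }
```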
/kind feature
Describe the solution you'd like
While this is documented at https://cluster-api-cloudstack.sigs.k8s.io/topics/cloudstack-permissions I would prefer if I can use CAPC as a normal user account without any issues for supported network models such as shared network, VPC and isolated network.