Closed impatient closed 2 months ago
Worked fine. Needed these roles/bindings. Our use case was shorter lived and I was impatient, so I made a new lock with same lock leaser id, to set expiry closer.
If you're around/would accept PRs let me know.
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: lease-role
rules:
- apiGroups: ["coordination.k8s.io"]
resources: ["leases"]
verbs: ["create", "update", "patch", "get", "list"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: lease-binding
namespace: {{ .Release.Namespace }}
subjects:
- kind: ServiceAccount
name: service-account-for-deploy
namespace: {{ .Release.Namespace }}
roleRef:
kind: Role
name: lease-ref
apiGroup: rbac.authorization.k8s.io
Hi @impatient sorry the delay. We are actively using it in production. Thanks for the collaboration I will add the roles to the documentation. You are welcome to do a PR too.
Apologies for loads of questions. Like the idea and the implicit infrastructure. Feels like it would just work and am probably going to try it out either way, but would need tweaks for managing stale entries.
Also could see this having hundreds of leases in our use, which is probably more than the intent/will be the hardest sale to others on my team. Any thoughts there?