apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: manager-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: manager-role
subjects:
- kind: ServiceAccount
namespace: my-namespace <--- if this line is not present, kubeworker should add the service namespace to this clusterrolebinding
name: controller-manager
log:
I0207 23:42:28.429094 14 client.go:163] Kubernetes Worker: successfully installed Namespace cluster-scope
I0207 23:42:28.429198 14 api_objects.go:320] Kubernetes Worker: creating cluster role {&ClusterRole{ObjectMeta:{manager-role 0 0001-01-01 00:00:00 +0000 UTC <nil> <nil> map[] map[] [] [] []},Rules:[]PolicyRule{PolicyRule{Verbs:[create delete get list patch update watch],APIGroups:[demo.operator.golang.com],Resources:[topserviceoperators],ResourceNames:[],NonResourceURLs:[],},PolicyRule{Verbs:[update],APIGroups:[demo.operator.golang.com],Resources:[topserviceoperators/finalizers],ResourceNames:[],NonResourceURLs:[],},PolicyRule{Verbs:[get patch update],APIGroups:[demo.operator.golang.com],Resources:[topserviceoperators/status],ResourceNames:[],NonResourceURLs:[],},PolicyRule{Verbs:[create delete get list patch update watch],APIGroups:[apps],Resources:[deployments daemonsets replicasets statefulsets configmaps secrets],ResourceNames:[],NonResourceURLs:[],},},AggregationRule:nil,}}
I0207 23:42:28.440520 14 client.go:163] Kubernetes Worker: successfully installed ClusterRole manager-role
I0207 23:42:28.440602 14 api_objects.go:386] Kubernetes Worker: creating cluster role binding {&ClusterRoleBinding{ObjectMeta:{manager-rolebinding 0 0001-01-01 00:00:00 +0000 UTC <nil> <nil> map[] map[] [] [] []},Subjects:[]Subject{Subject{Kind:ServiceAccount,APIGroup:,Name:controller-manager,Namespace:,},},RoleRef:RoleRef{APIGroup:rbac.authorization.k8s.io,Kind:ClusterRole,Name:manager-role,},}}
E0207 23:42:28.448589 14 kubeworker.go:117] Kubernetes Worker: failed to process kube package after agreement negotiation: Kubernetes Worker: Error creating the cluster rolebinding: ClusterRoleBinding.rbac.authorization.k8s.io "manager-rolebinding" is invalid: subjects[0].namespace: Required value
Clusterrolebinding.yml in operator
log: