Closed FaKod closed 6 years ago
Sounds like it might be a problem with RBAC, but off the top of my head I wouldn't have expected anything to have changed.
Is this a v1.6 vs v1.7 issue? i.e. does the same manifest work on 1.6?
I don't think this manifest was updated for K8s 1.6 (or RBAC). It still contains the tolerations for K8s 1.5:
scheduler.alpha.kubernetes.io/tolerations: |
[{"key": "dedicated", "value": "master", "effect": "NoSchedule" },
{"key": "CriticalAddonsOnly", "operator": "Exists"}]
@FaKod did you ever find a fix for this?
If so would you be open to contributing it upstream?
No, sorry, I switched to the API Server "version" and K8s 1.7.x. That works fine for me.
Going to close since this is for an old version of calico/canal.
Expected Behavior
I tried to use Canal with tls secured etcd and RBAC enabled using canal_etcd_tls.yaml
I expected a working demo at http://docs.projectcalico.org/v2.4/getting-started/kubernetes/tutorials/simple-policy
Current Behavior
Networking didn't work at all and calico-policy-controller throws the following exception:
Possible Solution
More permissions (if that's the issue)?
Your Environment