Closed mozai closed 2 years ago
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Any further update will cause the issue/pull request to no longer be considered stale. Thank you for your contributions.
So I have to keep adding noise/junk to this bug report every two weeks until it's resolved?
Can't reproduce, whit 3.5.0.
kind create cluster
Creating cluster "kind" ...
â Ensuring node image (kindest/node:v1.21.1) đŧ
â Preparing nodes đĻ
â Writing configuration đ
â Starting control-plane đšī¸
â Installing CNI đ
â Installing StorageClass đž
Set kubectl context to "kind-kind"
You can now use your cluster with:
kubectl cluster-info --context kind-kind
Thanks for using kind! đ
helm install kube-state-metrics prometheus-community/kube-state-metrics
NAME: kube-state-metrics
LAST DEPLOYED: Tue Sep 21 20:06:00 2021
NAMESPACE: default
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
kube-state-metrics is a simple service that listens to the Kubernetes API server and generates metrics about the state of the objects.
The exposed metrics can be found here:
https://github.com/kubernetes/kube-state-metrics/blob/master/docs/README.md#exposed-metrics
The metrics are exported on the HTTP endpoint /metrics on the listening port.
In your case, kube-state-metrics.default.svc.cluster.local:8080/metrics
They are served either as plaintext or protobuf depending on the Accept header.
They are designed to be consumed either by Prometheus itself or by a scraper that is compatible with scraping a Prometheus client endpoint.
k get po
NAME READY STATUS RESTARTS AGE
kube-state-metrics-869ddbd945-vr46r 1/1 Running 0 107s
k describe clusterrole kube-state-metrics
Name: kube-state-metrics
Labels: app.kubernetes.io/instance=kube-state-metrics
app.kubernetes.io/managed-by=Helm
app.kubernetes.io/name=kube-state-metrics
helm.sh/chart=kube-state-metrics-3.5.0
Annotations: meta.helm.sh/release-name: kube-state-metrics
meta.helm.sh/release-namespace: default
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
configmaps [] [] [list watch]
endpoints [] [] [list watch]
limitranges [] [] [list watch]
namespaces [] [] [list watch]
nodes [] [] [list watch]
persistentvolumeclaims [] [] [list watch]
persistentvolumes [] [] [list watch]
pods [] [] [list watch]
replicationcontrollers [] [] [list watch]
resourcequotas [] [] [list watch]
secrets [] [] [list watch]
services [] [] [list watch]
mutatingwebhookconfigurations.admissionregistration.k8s.io [] [] [list watch]
validatingwebhookconfigurations.admissionregistration.k8s.io [] [] [list watch]
daemonsets.apps [] [] [list watch]
deployments.apps [] [] [list watch]
replicasets.apps [] [] [list watch]
statefulsets.apps [] [] [list watch]
horizontalpodautoscalers.autoscaling [] [] [list watch]
cronjobs.batch [] [] [list watch]
jobs.batch [] [] [list watch]
certificatesigningrequests.certificates.k8s.io [] [] [list watch]
daemonsets.extensions [] [] [list watch]
deployments.extensions [] [] [list watch]
ingresses.extensions [] [] [list watch]
replicasets.extensions [] [] [list watch]
ingresses.networking.k8s.io [] [] [list watch]
networkpolicies.networking.k8s.io [] [] [list watch]
poddisruptionbudgets.policy [] [] [list watch]
storageclasses.storage.k8s.io [] [] [list watch]
volumeattachments.storage.k8s.io [] [] [list watch]
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Any further update will cause the issue/pull request to no longer be considered stale. Thank you for your contributions.
This issue is being automatically closed due to inactivity.
Describe the bug a clear and concise description of what the bug is.
Installing with default settings, no extra values.yaml , I see it creates ClusterRoleBinding with roleRef.name "kube-state-metrics", but there is no such ClusterRole.
Error messages in the Pod are:
Failed to watch v1.ReplicaSet: failed to list v1.ReplicaSet: replicasets.apps is forbidden: User "system:serviceaccount:ogi:kube-state-metrics" cannot list resource "replicasets" in API group "apps" at the cluster scope: RBAC: clusterrole.rbac.authorization.k8s.io "kube-state-metrics" not found
What's your helm version?
version.BuildInfo{Version:"v3.3.0", GitCommit:"8a4aeec08d67a7b84472007529e8097ec3742105", GitTreeState:"dirty", GoVersion:"go1.14.7"}
What's your kubectl version?
Client Version: version.Info{Major:"1", Minor:"17", GitVersion:"v1.17.12", GitCommit:"5ec472285121eb6c451e515bc0a7201413872fa3", GitTreeState:"clean", BuildDate:"2020-09-16T13:39:51Z", GoVersion:"go1.13.15", Compiler:"gc", Platform:"linux/amd64"} Server Version: version.Info{Major:"1", Minor:"18+", GitVersion:"v1.18.20-eks-8c579e", GitCommit:"8c579edfc914f013ff48b2a2b2c1308fdcacc53f", GitTreeState:"clean", BuildDate:"2021-07-31T01:34:13Z", GoVersion:"go1.13.15", Compiler:"gc", Platform:"linux/amd64"}
Which chart?
kube-state-metrics
What's the chart version?
3.4.2
What happened?
Installing with default settings, no extra values.yaml , I see it creates ClusterRoleBinding with roleRef.name "kube-state-metrics", but there is no such ClusterRole.
Error messages in the Pod are:
Failed to watch v1.ReplicaSet: failed to list v1.ReplicaSet: replicasets.apps is forbidden: User "system:serviceaccount:ogi:kube-state-metrics" cannot list resource "replicasets" in API group "apps" at the cluster scope: RBAC: clusterrole.rbac.authorization.k8s.io "kube-state-metrics" not found
What you expected to happen?
kube-state-metrics installed, answers requests with useful information gleaned from the Kubernetes API
How to reproduce it?
helm install -n prommy prometheus-community/kube-state-metrics
Enter the changed values of values.yaml?
n/a
Enter the command that you execute and failing/misfunctioning.
kubectl -n prommy logs -c kube-state-metrics --tail 100
Anything else we need to know?
I can see in the templates/role.yaml these lines:
rbac.create
is true by default, andrbac.useExistingRole
is commented out.namespaces
is an empty string, which I believe{{range }}
will iterate zero times over... thus creating zero ClusterRoles. I could put a junk string innamespaces
but that will screw up the rolebinding and deployment templates.