RBAC error for Jitsi

[ryannix123]

@ktenzer

Hi Keith,

It looks like a non-cluster-admin can't label the node in which I want to run Jitsi. Is it possible to do this without being an admin?

oc label nodes openshift app=jitsi
Error from server (Forbidden): nodes "openshift" is forbidden: User "rtn361@ads.northwestern.edu" cannot get nodes at the cluster scope: no RBAC policy matched

Everything else seems to work, I just can't get the JVB pod to deploy. https://meet-jitsi.apps.cloudapps.northwestern.edu

[ktenzer]

No you need to be a cluster admin to label nodes. Why cant you just get a cluster admin account? There should be a role called cluster-admin, just create an account and give it cluster-admin role.

Keith

On Tue, Oct 13, 2020 at 11:34 AM Ryan T Nix notifications@github.com wrote:

@ktenzer https://github.com/ktenzer

Hi Keith,

It looks like a non-cluster-admin can't label the node in which I want to run Jitsi. Is it possible to do this without being an admin?

oc label nodes openshift app=jitsi Error from server (Forbidden): nodes "openshift" is forbidden: User "rtn361@ads.northwestern.edu" cannot get nodes at the cluster scope: no RBAC policy matched

Everything else seems to work, I just can't get the JVB pod to deploy. https://meet-jitsi.apps.cloudapps.northwestern.edu

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/sa-mw-dach/podium/issues/19, or unsubscribe https://github.com/notifications/unsubscribe-auth/AADK5DZLKS6EVCHFBUN2TRLSKSMUZANCNFSM4SPNUN6A .

[ryannix123]

I could certainly add my account to the cluster-admin role, but I'd rather not for security reasons. Besides, eventually, I would like to deploy to Openshift.com, and I won't have cluster-admin access there.

I took your advice, and I'm trying to set up the Operators function on OKD 3.11. I have OLM installed, now but it didn't come with the Openshift-marketplace, which seems to be required by the Podium project, so I'll try and get that set up today.

[ktenzer]

You still need to label a node. Podium wont work on openshift.com because you need a routable IP address else you can do video conferencing. Remember video conferencing works by sending a video stream over UDP to the video bridge which runs on a pod. That pod needs to run on a node with a routable IP address so it can be reached by the web browser. OpenShift dedicated would allow you to set that up or self hosted but OpenShift online definitely will not work.

Keith

On Wed, Oct 14, 2020 at 6:36 AM Ryan T Nix notifications@github.com wrote:

I could certainly add my account to the cluster-admin role, but I'd rather not for security reasons. Besides, eventually, I would like to deploy to Openshift.com, and I won't have cluster-admin access there.

I took your advice, and I'm trying to set up the Operators function on OKD 3.11. I have OLM installed, now but it didn't come with the Openshift-marketplace, which seems to be required by the Podium project, so I'll try and get that set up today.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/sa-mw-dach/podium/issues/19#issuecomment-708406196, or unsubscribe https://github.com/notifications/unsubscribe-auth/AADK5D6OJYMUV3WVQMDL2TTSKWSMVANCNFSM4SPNUN6A .

[ryannix123]

Good to know! Thanks, Keith. I should probably spin up a newer OKD 4.x server anyway.