Closed pstreule closed 5 years ago
Background
The way our k8s access control is configured, users generally don't have permissions to list all pods or services in the cluster.
For example GET /api/v1/pods will fail with User "<user>" cannot list resource "pods" in API group "" at the cluster scope
GET /api/v1/pods
User "<user>" cannot list resource "pods" in API group "" at the cluster scope
Issue
Deploying using serverless deploy itself works, but the deployment progress checks fail, as these use /api/v1/pods and /api/v1/services.
serverless deploy
/api/v1/pods
/api/v1/services
The deployment code is namespace-aware, so I think the progress checks should use the namespaced APIs, too, i.e. /api/v1/namespaces/<namespace>/pods.
/api/v1/namespaces/<namespace>/pods
Possible solution
I created a PR with a possible fix here: PR #159
Background
The way our k8s access control is configured, users generally don't have permissions to list all pods or services in the cluster.
For example
GET /api/v1/pods
will fail withUser "<user>" cannot list resource "pods" in API group "" at the cluster scope
Issue
Deploying using
serverless deploy
itself works, but the deployment progress checks fail, as these use/api/v1/pods
and/api/v1/services
.The deployment code is namespace-aware, so I think the progress checks should use the namespaced APIs, too, i.e.
/api/v1/namespaces/<namespace>/pods
.Possible solution
I created a PR with a possible fix here: PR #159