search

zilliztech / milvus-operator

The Kubernetes Operator of Milvus.
https://milvus.io
Apache License 2.0
45 stars 23 forks source link

Failed to create resource due to perms cluster-pulsar #61

Open webcoderz opened 9 months ago

webcoderz commented 9 months ago

controller.helm warning: Upgrade "cluster-pulsar" failed: failed to create resource: clusterroles.rbac.authorization.k8s.io "cluster-pulsar-prometheus" is forbidden: user "system:serviceaccount:milvus-cluster-operator:milvus-operator" (groups=["system:serviceaccounts" "system:serviceaccounts:milvus-cluster-operator" "system:authenticated"]) is attempting to grant RBAC permissions not currently held: {APIGroups:[""], Resources:["endpoints"], Verbs:["get" "list" "watch"]} {APIGroups:[""], Resources:["nodes"], Verbs:["get" "list" "watch"]} {APIGroups:[""], Resources:["nodes/proxy"], Verbs:["get" "list" "watch"]} {NonResourceURLs:["/metrics"], Verbs:["get"]}

When trying to install the Milvus cluster

webcoderz commented 9 months ago

Fixed with this


apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: milvus-operator-additional
rules:
- apiGroups: [""]
  resources: ["endpoints", "nodes", "nodes/proxy"]
  verbs: ["get", "list", "watch"]
- nonResourceURLs: ["/metrics"]
  verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: milvus-operator-additional-binding
subjects:
- kind: ServiceAccount
  name: milvus-operator
  namespace: milvus-cluster-operator
roleRef:
  kind: ClusterRole
  name: milvus-operator-additional
  apiGroup: rbac.authorization.k8s.io
haorenfsa commented 9 months ago

hi @webcoderz, thank you for the feedback! Could you also provide your Milvus CR manifest for our further investigation?

webcoderz commented 8 months ago

Yea will send over in the morning