Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

RBAC missing permission for persistent-volume-binder #46770

Closed
n-marton opened this issue Jun 1, 2017 · 2 comments · Fixed by #46771
Closed

RBAC missing permission for persistent-volume-binder #46770

n-marton opened this issue Jun 1, 2017 · 2 comments · Fixed by #46771
Assignees
@n-marton
Labels
kind/bug Categorizes issue or PR as related to a bug. sig/auth Categorizes an issue or PR as relevant to SIG Auth. sig/storage Categorizes an issue or PR as relevant to SIG Storage.
Milestone
v1.7

Comments

@n-marton
Copy link
Contributor

n-marton commented Jun 1, 2017

Is this a request for help? : No

What keywords did you search in Kubernetes issues before filing this one? : PVC, Openstack, RBAC

Is this a BUG REPORT or FEATURE REQUEST? : BUG REPORT

Kubernetes version (use kubectl version):

Client Version: version.Info{Major:"1", Minor:"6", GitVersion:"v1.6.4", GitCommit:"d6f433224538d4f9ca2f7ae19b252e6fcb66a3ae", GitTreeState:"clean", BuildDate:"2017-05-19T18:44:27Z", GoVersion:"go1.7.5", Compiler:"gc", Platform:"linux/amd64"} Server Version: version.Info{Major:"1", Minor:"7+", GitVersion:"v1.7.0-alpha.4.666+461a8406a444e4-dirty", GitCommit:"461a8406a444e48fdec3c138f47a5f8b8abaf0c3", GitTreeState:"dirty", BuildDate:"2017-05-30T09:26:07Z", GoVersion:"go1.8.3", Compiler:"gc", Platform:"linux/amd64"}

Environment:

  • Cloud provider or hardware configuration: Openstack
  • OS (e.g. from /etc/os-release): Ubuntu 16.04
  • Kernel (e.g. uname -a): 4.4.0-47-generic
  • Install tools: kubeadm
  • Others: N/A

What happened: kube-controller-manager could not list nodes becase of missing permission for persistent-volume-binder service account.

What you expected to happen: persistent-volume-binder service account should be able to list nodes.

How to reproduce it (as minimally and precisely as possible): bootstrap a cluster with RBAC and try to create cinder PVC on openstack.

Anything else we need to know:
@k8s-github-robot
Copy link

@n-marton There are no sig labels on this issue. Please add a sig label by:
(1) mentioning a sig: @kubernetes/sig-<team-name>-misc
(2) specifying the label manually: /sig <label>

Note: method (1) will trigger a notification to the team. You can find the team list here.

@k8s-github-robot k8s-github-robot added the needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. label Jun 1, 2017
@n-marton n-marton mentioned this issue Jun 1, 2017
Merged
@n-marton
Copy link
Contributor Author

n-marton commented Jun 1, 2017

/sig auth

@k8s-ci-robot k8s-ci-robot added the sig/auth Categorizes an issue or PR as relevant to SIG Auth. label Jun 1, 2017
@k8s-github-robot k8s-github-robot removed the needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. label Jun 1, 2017
@liggitt liggitt added this to the v1.7 milestone Jun 2, 2017
@liggitt liggitt added kind/bug Categorizes issue or PR as related to a bug. sig/storage Categorizes an issue or PR as relevant to SIG Storage. labels Jun 2, 2017
k8s-github-robot pushed a commit that referenced this issue Jun 5, 2017
Merge pull request #46771 from n-marton/46770-permission-for-volume-b…
0cff839 
…inder

Automatic merge from submit-queue (batch tested with PRs 46734, 46810, 46759, 46259, 46771)

Added node to persistent-volume-binder clusterrole

**What this PR does / why we need it**: Added missing permission to volume-binder clusterrole

**Which issue this PR fixes**: fixes #46770

**Special notes for your reviewer**: Non

**Release note**: Non
@msi88 msi88 mentioned this issue Jun 20, 2017
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@n-marton n-marton

Labels
kind/bug Categorizes issue or PR as related to a bug. sig/auth Categorizes an issue or PR as relevant to SIG Auth. sig/storage Categorizes an issue or PR as relevant to SIG Storage.
Projects
None yet
Milestone
v1.7
Development

Successfully merging a pull request may close this issue.

Added node to persistent-volume-binder clusterrole n-marton/kubernetes
4 participants
@liggitt @k8s-github-robot @n-marton @k8s-ci-robot