You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@ignite.apache.org by "Sacchetti Michele (JIRA)" <ji...@apache.org> on 2018/05/25 09:09:00 UTC

[jira] [Commented] (IGNITE-8081) Document Kubernetes RBAC configuration to avoid 403 exception

    [ https://issues.apache.org/jira/browse/IGNITE-8081?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16490443#comment-16490443 ] 

Sacchetti Michele commented on IGNITE-8081:
-------------------------------------------

Since configuration on the link is missing the proper "endopints" permission I report here my working configuration.

K8: 1.9.2
Ignite: 2.4.0


{code}
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: ignite
  namespace: MY_NAMESPACE

---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
  name: ignite
  namespace: MY_NAMESPACE
rules:
- apiGroups:
  - ""
  resources:
  - pods
  - endpoints
  verbs:
  - get
  - list
  - watch

---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: ignite
roleRef:
  kind: ClusterRole
  name: ignite
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
  name: ignite
  namespace: MY_NAMESPACE

....

---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: ignite
  namespace: MY_NAMESPACE
  labels:
    app: ignite
...
spec:
  template:
    spec:
      serviceAccountName: ignite
{code}


> Document Kubernetes RBAC configuration to avoid 403 exception
> -------------------------------------------------------------
>
>                 Key: IGNITE-8081
>                 URL: https://issues.apache.org/jira/browse/IGNITE-8081
>             Project: Ignite
>          Issue Type: New Feature
>          Components: documentation
>            Reporter: Denis Magda
>            Priority: Major
>             Fix For: 2.6
>
>
> It's reported by the users that sometimes Ignite Kubernetes IP finder fails to join the cluster due to security issues. To prevent the exception happening we need to document how to set up a Service Account for Ignite pods:
> https://stackoverflow.com/questions/49395481/how-to-setmasterurl-in-ignite-xml-config-for-kubernetes-ipfinder/49405879#49405879



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)