Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

setup helm controller to use a rolebinding #7

Open
sacreman opened this issue Sep 30, 2019 · 1 comment
Open

setup helm controller to use a rolebinding #7

sacreman opened this issue Sep 30, 2019 · 1 comment
Assignees
@gamunu
Labels
enhancement New feature or request
Milestone
v1.3.0

Comments

@sacreman
Copy link
Contributor

Currently we use a clusterrolebinding and clusterrole.

We tried using a normal role and it fails on:

E0930 13:42:08.780111       1 reflector.go:134] pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:95: Failed to list *v1.ClusterRoleBinding: clusterrolebindings.rbac.authorization.k8s.io is forbidden: User "system:serviceaccount:test:helm-controller-hazzi" cannot list resource "clusterrolebindings" in API group "rbac.authorization.k8s.io" at the cluster scope
@gamunu
Copy link
Collaborator

gamunu commented Oct 9, 2019

The controller creates clusterrole and clusterrolebiding that is required for helm job
https://github.com/Kubedex/helm-controller/blob/master/pkg/controller/helmchart/helmchart_controller.go#L128

For per namespace deployments we could modify the controller to use a role and rolebinding. Since this is changing the overall behaviour of how controller operates. We can have a feature flag to switch between keeping clusterrolebinding as the default. This is something we can prioritize.

@gamunu gamunu self-assigned this Oct 9, 2019
@gamunu gamunu added the enhancement New feature or request label Oct 9, 2019
@gamunu gamunu added this to the v1.3.0 milestone Oct 9, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@gamunu gamunu

Labels
enhancement New feature or request
Projects
None yet
Milestone
v1.3.0
Development

No branches or pull requests
2 participants
@sacreman @gamunu