
Update cilium-operator clusterrole (#7416)

When upgrading cilium from 1.8.8 to 1.9.5 I ran into the following
error:

level=error msg="Unable to update CRD" error="customresourcedefinitions.apiextensions.k8s.io
\"ciliumnodes.cilium.io\" is forbidden: User \"system:serviceaccount:kube-system:cilium-operator\"
cannot update resource \"customresourcedefinitions\" in API group \"apiextensions.k8s.io\" at the
cluster scope" name=CiliumNode/v2 subsys=k8s

The fix was to add the update verb to the clusterrole. I also added
create to match the clusterrole created by the cilium helm chart.
pull/7419/head
Frank Ritchie 3 years ago
committed by GitHub
parent
commit
5b0e88339a
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 0 deletions
  1. 2
      roles/network_plugin/cilium/templates/cilium-cr.yml.j2

2
roles/network_plugin/cilium/templates/cilium-cr.yml.j2

@ -66,8 +66,10 @@ rules:
resources: resources:
- customresourcedefinitions - customresourcedefinitions
verbs: verbs:
- create
- get - get
- list - list
- update
- watch - watch
{% if cilium_version | regex_replace('v') is version('1.8', '>=') %} {% if cilium_version | regex_replace('v') is version('1.8', '>=') %}
# For cilium-operator running in HA mode. # For cilium-operator running in HA mode.
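
Review bot: The added `create` and `update` verbs in the `customresourcedefinitions` rule have no `resourceNames` restriction in the lines shown, so the cilium-operator service account can update any CRD in the cluster, not only `ciliumnodes.cilium.io` from the error in the commit message. Consider leaving `create` in this rule (Kubernetes cannot restrict `create` by `resourceNames`) and moving `update` into a separate rule whose `resourceNames` lists the Cilium CRDs, provided the full set of names is known for the supported versions. The new verbs also sit above the `cilium_version ... version('1.8', '>=')` conditional, so they apply to every version this template renders for. A one-line comment next to them saying that the operator updates its own CRDs on upgrade, and that `create` mirrors the Helm chart, would document why the grant exists.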
