Service Account not being created in the correct namespace #2

Open
kengibous opened this issue May 19, 2020 · 0 comments

The panopta service account is getting created in the default namespace

https://github.com/Panopta/kubernetes/blob/master/panopta/templates/service-account.yaml

Does not have the namespace for the ServiceAccount, ClusterRole, ClusterRoleBinding

I believe the chart should be:

```yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: {{ .Chart.Name }}-serviceaccount
  namespace: {{ .Release.Namespace }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: {{ .Chart.Name }}-role
  namespace: {{ .Release.Namespace }}
rules:
- apiGroups: [""]
  resources: ["pods", "services", "nodes", "events", "componentstatuses", "persistentvolumes", "persistentvolumeclaims"]
  verbs: ["get", "list", "watch"]
- apiGroups: [""]
  resources: ["configmaps"]
  verbs: ["get", "list", "watch", "patch"]
- apiGroups: ["metrics.k8s.io"]
  resources: ["*"]
  verbs: ["*"]
- apiGroups: ["metrics"]
  resources: ["*"]
  verbs: ["*"]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: {{ .Chart.Name }}-rolebinding
  namespace: {{ .Release.Namespace }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: panopta-role
subjects:
- kind: ServiceAccount
  name: {{ .Chart.Name }}-serviceaccount
  namespace: {{ .Release.Namespace }}
```

I was able to get this to work by manually applying YAML:

```yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: panopta-serviceaccount
  namespace: panopta
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: panopta-role
  namespace: panopta
rules:
- apiGroups: [""]
  resources: ["pods", "services", "nodes", "events", "componentstatuses", "persistentvolumes", "persistentvolumeclaims"]
  verbs: ["get", "list", "watch"]
- apiGroups: [""]
  resources: ["configmaps"]
  verbs: ["get", "list", "watch", "patch"]
- apiGroups: ["metrics.k8s.io"]
  resources: ["*"]
  verbs: ["*"]
- apiGroups: ["metrics"]
  resources: ["*"]
  verbs: ["*"]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: panopta-rolebinding
  namespace: panopta
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: panopta-role
subjects:
- kind: ServiceAccount
  name: panopta-serviceaccount
  namespace: panopta
```
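
An added example, not part of the original issue or of the Panopta chart: a small Python check over rendered manifests (for instance `helm template` output loaded into parsed objects) that flags the ServiceAccount and ClusterRoleBinding mismatch reported above. The function names, the `default` fallback for an unset namespace, and the sample manifests are assumptions constructed for illustration.

```python
# Added example: lint rendered RBAC manifests (parsed into dicts) for the
# ServiceAccount / ClusterRoleBinding namespace mismatch reported above.
CLUSTER_SCOPED = {"ClusterRole", "ClusterRoleBinding"}

def lint_rbac(docs, release_ns, fallback_ns="default"):
    """Return findings for manifests meant to be installed into release_ns."""
    findings = []
    # Assumption: an object without metadata.namespace ends up in fallback_ns.
    accounts = {(d["metadata"].get("namespace", fallback_ns), d["metadata"]["name"])
                for d in docs if d["kind"] == "ServiceAccount"}
    roles = {d["metadata"]["name"] for d in docs if d["kind"] == "ClusterRole"}
    for d in docs:
        kind, meta = d["kind"], d["metadata"]
        ident = f"{kind}/{meta['name']}"
        if kind == "ServiceAccount" and meta.get("namespace") != release_ns:
            findings.append(f"{ident}: created in {meta.get('namespace', fallback_ns)}, not {release_ns}")
        if kind in CLUSTER_SCOPED and "namespace" in meta:
            findings.append(f"{ident}: metadata.namespace has no effect (cluster-scoped)")
        if kind != "ClusterRoleBinding":
            continue
        if d["roleRef"]["name"] not in roles:
            findings.append(f"{ident}: roleRef {d['roleRef']['name']} is not defined")
        for s in d.get("subjects", []):
            # The binding only helps an account that these manifests create in that namespace.
            if s["kind"] == "ServiceAccount" and (s.get("namespace"), s["name"]) not in accounts:
                findings.append(f"{ident}: subject {s.get('namespace')}/{s['name']} is not created here")
    return findings

def manifests(sa_ns=None, scoped_ns=None):
    """Constructed sample: the three objects from the issue, as parsed dicts."""
    def meta(name, ns):
        return {"name": name, **({"namespace": ns} if ns else {})}
    return [
        {"kind": "ServiceAccount", "metadata": meta("panopta-serviceaccount", sa_ns)},
        {"kind": "ClusterRole", "metadata": meta("panopta-role", scoped_ns)},
        {"kind": "ClusterRoleBinding", "metadata": meta("panopta-rolebinding", scoped_ns),
         "roleRef": {"kind": "ClusterRole", "name": "panopta-role"},
         "subjects": [{"kind": "ServiceAccount", "name": "panopta-serviceaccount",
                       "namespace": "panopta"}]},
    ]

if __name__ == "__main__":
    for label, docs in [("no namespace on ServiceAccount", manifests()),
                        ("as manually applied in the issue", manifests("panopta", "panopta"))]:
        print(label, *lint_rbac(docs, "panopta"), sep="\n  ")
```

`ClusterRole` and `ClusterRoleBinding` are cluster-scoped, so the check reports a namespace on them as having no effect; the namespace that matters for the binding is the one on its `subjects` entry.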