Fix rbac issue in rbd plugin #234

Merged
merged 2 commits into from
Feb 27, 2019

@Madhu-1 Madhu-1 commented Feb 27, 2019

remove unwanted rules and update
rbac to have permission to modify
endpoints and configmaps in the
current namespace.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
@@ -10,9 +10,6 @@ apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: rbd-external-attacher-runner
rules:
- apiGroups: [""]
resources: ["events"]
verbs: ["get", "list", "watch", "update"]
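
Review bot: the `events` rule under `rbd-external-attacher-runner` looks like the three lines this hunk drops (`-10,9 +10,6`); confirm the attacher sidecar records no events before removing it. Event recorders post events in the namespace of the object involved, which can differ from the namespace the plugin runs in, so this grant cannot simply move to a namespaced Role. If the rule is kept instead, note that its verbs (`get`, `list`, `watch`, `update`) do not include `create`, which is the first verb an event recorder needs.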

verbs: ["list", "watch", "create", "update", "patch"]
- apiGroups: [""]
resources: ["endpoints"]
verbs: ["get", "create", "update"]
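
Review bot: the `endpoints` rule at the end of this fragment grants `get`, `create` and `update` with no `resourceNames`, so the account can rewrite any Endpoints object in scope, including those backing Services. The commit message limits the intent to the current namespace, so keep this in a namespaced Role rather than a ClusterRole, and pin `get` and `update` to the object names the sidecar actually writes via `resourceNames`. `create` cannot be restricted by name, so it needs a separate rule.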

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>

Madhu-1 commented Feb 27, 2019

@rootfs done PTAL

rootfs commented Feb 27, 2019

@Madhu-1 thanks, can you update these rbd in Rook as well?

@rootfs rootfs merged commit 5cabfe7 into ceph:csi-v1.0 Feb 27, 2019

@kfox1111 kfox1111 left a comment

looks good, but needs a helm version bump.

@Madhu-1 Madhu-1 mentioned this pull request Feb 28, 2019

dylanzr commented Mar 2, 2019

I get errors due to the removal of events from the provisioner. We're managing volumes outside of the namespace where the CSI components live. Is this something that should be added back for the provisioner?

E0302 22:02:07.575764       1 event.go:203] Server rejected event '&v1.Event{TypeMeta:v1.TypeMeta{Kind:"", APIVersion:""}, ObjectMeta:v1.ObjectMeta{Name:"golden-centos76.1588435a7e57ee35", GenerateName:"", Namespace:"golden-images", SelfLink:"", UID:"", ResourceVersion:"", Generation:0, CreationTimestamp:v1.Time{Time:time.Time{wall:0x0, ext:0, loc:(*time.Location)(nil)}}, DeletionTimestamp:(*v1.Time)(nil), DeletionGracePeriodSeconds:(*int64)(nil), Labels:map[string]string(nil), Annotations:map[string]string(nil), OwnerReferences:[]v1.OwnerReference(nil), Initializers:(*v1.Initializers)(nil), Finalizers:[]string(nil), ClusterName:""}, InvolvedObject:v1.ObjectReference{Kind:"PersistentVolumeClaim", Namespace:"golden-images", Name:"golden-centos76", UID:"d2110b53-3d36-11e9-88bd-0a580a80000c", APIVersion:"v1", ResourceVersion:"18717044", FieldPath:""}, Reason:"ProvisioningSucceeded", Message:"Successfully provisioned volume pvc-d2110b53-3d36-11e9-88bd-0a580a80000c", Source:v1.EventSource{Component:"csi-rbdplugin_csi-rbdplugin-provisioner-0_4bc15f22-3d36-11e9-93ba-da75cd15e5f4", Host:""}, FirstTimestamp:v1.Time{Time:time.Time{wall:0xbf16dd37e244f835, ext:231754289826, loc:(*time.Location)(0x227cd40)}}, LastTimestamp:v1.Time{Time:time.Time{wall:0xbf16dd37e244f835, ext:231754289826, loc:(*time.Location)(0x227cd40)}}, Count:1, Type:"Normal", EventTime:v1.MicroTime{Time:time.Time{wall:0x0, ext:0, loc:(*time.Location)(nil)}}, Series:(*v1.EventSeries)(nil), Action:"", Related:(*v1.ObjectReference)(nil), ReportingController:"", ReportingInstance:""}': 'events is forbidden: User "system:serviceaccount:default:rbd-csi-provisioner" cannot create resource "events" in API group "" in the namespace "golden-images"' (will not retry!)
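
The denial quoted in the comment above names a service account in `default` and a target namespace `golden-images`. As an added example (not part of the thread or of the ceph-csi code), this Python script parses API-server RBAC denials of that form and classifies each by the scope of grant it needs; the function name `missing_grants` and the second and third sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Wording of the API server's RBAC denial, as in the error quoted above.
DENIAL = re.compile(
    r'User "system:serviceaccount:(?P<sa_ns>[^:"]+):(?P<sa>[^"]+)" '
    r'cannot (?P<verb>\S+) resource "(?P<resource>[^"]+)" '
    r'in API group "(?P<group>[^"]*)"'
    r'(?: in the namespace "(?P<ns>[^"]+)")?'
)

# Constructed sample input. Line 1 is an abridged copy of the error quoted in
# the comment above; lines 2 and 3 are made up to show the other two scopes.
SAMPLE_LOG = r'''
E0302 22:02:07.575764 1 event.go:203] 'events is forbidden: User "system:serviceaccount:default:rbd-csi-provisioner" cannot create resource "events" in API group "" in the namespace "golden-images"' (will not retry!)
E0302 22:02:09.000000 1 sample.go:1] configmaps is forbidden: User "system:serviceaccount:default:rbd-csi-provisioner" cannot update resource "configmaps" in API group "" in the namespace "default"
E0302 22:02:10.000000 1 sample.go:1] nodes is forbidden: User "system:serviceaccount:default:rbd-csi-provisioner" cannot list resource "nodes" in API group "" at the cluster scope
'''


def missing_grants(log_text):
    """Return {(sa_namespace, sa_name): [(scope, namespace, group, resource, verb)]}."""
    found = defaultdict(set)
    for m in DENIAL.finditer(log_text):
        ns = m["ns"]
        if ns is None:
            scope = "cluster"          # no namespace in the denial: needs a ClusterRole
        elif ns == m["sa_ns"]:
            scope = "own-namespace"    # a Role beside the service account is enough
        else:
            scope = "other-namespace"  # a Role in the account's namespace cannot grant this
        found[(m["sa_ns"], m["sa"])].add(
            (scope, ns, m["group"], m["resource"], m["verb"])
        )
    # Sort with None mapped to "" so cluster-scoped entries compare cleanly.
    return {
        sa: sorted(rows, key=lambda r: tuple(x or "" for x in r))
        for sa, rows in found.items()
    }


if __name__ == "__main__":
    for (sa_ns, sa), rows in missing_grants(SAMPLE_LOG).items():
        print(f"{sa_ns}/{sa}")
        for scope, ns, group, resource, verb in rows:
            print(f"  {scope:16} {verb} {resource} (group {group!r}, ns {ns})")
```

An `other-namespace` result, like the `events` denial from the thread, needs either a ClusterRole bound cluster-wide or a Role and RoleBinding created in the target namespace.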

Madhu-1 added a commit to Madhu-1/ceph-csi that referenced this pull request Mar 4, 2019
Fixes: #ceph#234 (comment)

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
mergify bot pushed a commit that referenced this pull request Mar 4, 2019
Fixes: ##234 (comment)

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
wilmardo pushed a commit to wilmardo/ceph-csi that referenced this pull request Jul 29, 2019
Fix rbac issue in rbd plugin
wilmardo pushed a commit to wilmardo/ceph-csi that referenced this pull request Jul 29, 2019
Fixes: #ceph#234 (comment)

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
yati1998 pushed a commit to yati1998/ceph-csi that referenced this pull request Feb 20, 2024
Syncing latest changes from release-v3.10 for ceph-csi