Closed as not planned
Description
v0.0.9-rc.0 - use-case: one logstream-kube deployment watching pods in multiple namespaces.
if the namespace value is unset, logstream-kube should default to watching pods in all namespaces (assuming the proper permissions). this is not currently the case. my values, installed in the coder namespace:
USER-SUPPLIED VALUES:
url: https://eric-aks.demo.coder.com
my workspace is running in the coder-workspaces namespace, with the following role and rolebinding deployed:
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: coder-logstream-kube-role
rules:
- apiGroups: [""]
resources: ["pods", "events"]
verbs: ["get", "watch", "list"]
- apiGroups: ["apps"]
resources: ["replicasets", "events"]
verbs: ["get", "watch", "list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: coder-logstream-kube-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: coder-logstream-kube-role
subjects:
- kind: ServiceAccount
name: coder-logstream-kube
namespace: coder
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment