This repository was archived by the owner on Aug 12, 2025. It is now read-only.

@gianarb gianarb commented May 26, 2020

The manager has to be able to retrieve secrets because that's how it
looks up bootstrap information. We didn't set the right permission.

```
$ kubectl logs -f cluster-api-provider-packet-controller-manager-89c9f95b8-49hlq -n cluster-api-provider-packet-system -c manager -f
E0526 15:16:07.696352       1 reflector.go:153] pkg/mod/k8s.io/client-go@v0.17.2/tools/cache/reflector.go:105: Failed to list *v1.Secret: secrets is forbidden: User "system:serviceaccount:cluster-api-provider-packet-system:default" cannot list resource "secrets" in API group "" at the cluster scope
E0526 15:16:08.698025       1 reflector.go:153] pkg/mod/k8s.io/client-go@v0.17.2/tools/cache/reflector.go:105: Failed to list *v1.Secret: secrets is forbidden: User "system:serviceaccount:cluster-api-provider-packet-system:default" cannot list resource "secrets" in API group "" at the cluster scope
E0526 15:16:09.699755       1 reflector.go:153] pkg/mod/k8s.io/client-go@v0.17.2/tools/cache/reflector.go:105: Failed to list *v1.Secret: secrets is forbidden: User "system:serviceaccount:cluster-api-provider-packet-system:default" cannot list resource "secrets" in API group "" at the cluster scope
E0526 15:16:10.700982       1 reflector.go:153] pkg/mod/k8s.io/client-go@v0.17.2/tools/cache/reflector.go:105: Failed to list *v1.Secret: secrets is forbidden: User "system:serviceaccount:cluster-api-provider-packet-system:default" cannot list resource "secrets" in API group "" at the cluster scope
E0526 15:16:11.702393       1 reflector.go:153] pkg/mod/k8s.io/client-go@v0.17.2/tools/cache/reflector.go:105: Failed to list *v1.Secret: secrets is forbidden: User "system:serviceaccount:cluster-api-provider-packet-system:default" cannot list resource "secrets" in API group "" at the cluster scope
E0526 15:16:12.704717       1 reflector.go:153] pkg/mod/k8s.io/client-go@v0.17.2/tools/cache/reflector.go:105: Failed to list *v1.Secret: secrets is forbidden: User "system:serviceaccount:cluster-api-provider-packet-system:default" cannot list resource "secrets" in API group "" at the cluster scope
```

@gianarb gianarb requested a review from deitch May 26, 2020 15:44
@gianarb gianarb merged commit d8780b0 into kubernetes-retired:master May 26, 2020
@gianarb gianarb deleted the fix/secret-list-perm branch May 26, 2020 16:07
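
A triage helper for the denial shown in the log in the pull request description, as an added example that is not part of the pull request or the project's code: it collapses the reflector's retries into distinct RBAC denials and flags two points to review before granting access. The names `Denial`, `ParseDenials`, `Findings` and `SampleLog` are assumptions; the sample reuses two lines from that log plus one constructed line.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Denial is one distinct RBAC refusal reported by the API server.
type Denial struct{ Subject, Verb, Resource, APIGroup, Scope string }

// forbiddenRe matches the API server's "forbidden" text as it appears in the log.
var forbiddenRe = regexp.MustCompile(`User "([^"]+)" cannot (\S+) resource "([^"]+)" in API group "([^"]*)" (at the cluster scope|in the namespace "[^"]+")`)

// SampleLog: two lines copied from the PR's log, plus one constructed line that must be ignored.
const SampleLog = `E0526 15:16:07.696352       1 reflector.go:153] pkg/mod/k8s.io/client-go@v0.17.2/tools/cache/reflector.go:105: Failed to list *v1.Secret: secrets is forbidden: User "system:serviceaccount:cluster-api-provider-packet-system:default" cannot list resource "secrets" in API group "" at the cluster scope
I0526 15:16:07.900000       1 main.go:1] constructed informational line
E0526 15:16:08.698025       1 reflector.go:153] pkg/mod/k8s.io/client-go@v0.17.2/tools/cache/reflector.go:105: Failed to list *v1.Secret: secrets is forbidden: User "system:serviceaccount:cluster-api-provider-packet-system:default" cannot list resource "secrets" in API group "" at the cluster scope`

// ParseDenials counts how often each distinct denial occurs, so retries collapse to one entry.
func ParseDenials(log string) map[Denial]int {
	counts := map[Denial]int{}
	for _, line := range strings.Split(log, "\n") {
		if m := forbiddenRe.FindStringSubmatch(line); m != nil {
			counts[Denial{m[1], m[2], m[3], m[4], m[5]}]++
		}
	}
	return counts
}

// Findings lists what a reviewer should check before granting the denied access.
func Findings(d Denial) []string {
	var f []string
	if strings.HasPrefix(d.Subject, "system:serviceaccount:") && strings.HasSuffix(d.Subject, ":default") {
		f = append(f, "default service account in use")
	}
	if d.Resource == "secrets" && d.Scope == "at the cluster scope" {
		f = append(f, "cluster-wide access to secrets requested")
	}
	return f
}

func main() {
	for d, n := range ParseDenials(SampleLog) {
		fmt.Printf("%dx %s: %s %q (group %q) %s -> %v\n", n, d.Subject, d.Verb, d.Resource, d.APIGroup, d.Scope, Findings(d))
	}
}
```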