External-Mirrors/kubespray
2
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kubespray.git synced 2026-03-25 04:45:04 -02:30
Code Issues Packages Projects Releases Wiki Activity

Update cilium-operator clusterrole (#7416)

Browse Source 
When upgrading cilium from 1.8.8 to 1.9.5 I ran into the following
error:

level=error msg="Unable to update CRD" error="customresourcedefinitions.apiextensions.k8s.io
\"ciliumnodes.cilium.io\" is forbidden: User \"system:serviceaccount:kube-system:cilium-operator\"
cannot update resource \"customresourcedefinitions\" in API group \"apiextensions.k8s.io\" at the
cluster scope" name=CiliumNode/v2 subsys=k8s

The fix was to add the update verb to the clusterrole. I also added
create to match the clusterrole created by the cilium helm chart.
This commit is contained in:
Frank Ritchie
2021-03-29 03:04:51 -04:00
committed by GitHub
parent db43891f2b
commit 5b0e88339a
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
roles/network_plugin/cilium/templates/cilium-cr.yml.j2
View File

@@ -66,8 +66,10 @@ rules:
resources: resources:
- customresourcedefinitions - customresourcedefinitions
verbs: verbs:
- create
- get - get
- list - list
- update
- watch - watch
{% if cilium_version | regex_replace('v') is version('1.8', '>=') %} {% if cilium_version | regex_replace('v') is version('1.8', '>=') %}
# For cilium-operator running in HA mode. # For cilium-operator running in HA mode.