Run kubent as cronjob #239
Comments
Hi @shomeprasanjit thanks for raising this 👍. So you won't be able to use the node role, as K8s has a special Node Authorization mechanism, which allows nodes to only access ConfigMaps/Secrets for the relevant Pods, i.e. the Pods bound to that node. I think you'll need to create a new

```yaml
kind: ClusterRole
metadata:
  name: reader
rules:
  # note that "" indicates only the core API group -> use "*" for all
  - apiGroups: ["*"]
    verbs: ["get", "watch", "list"]
```

I think the 🎄
@stepanstipl: still getting the same error. The additional permission you mentioned didn't help.

```
9:40AM ERR Failed to retrieve data from collector error="Get "https://8FC721A9E1108C283C54D098D686A42B.yl4.us-west-2.eks.amazonaws.com/api/v1/secrets?labelSelector=OWNER%3DTILLER\": getting credentials: exec: exec: "aws": executable file not found in $PATH" name="Helm v2"
9:40AM ERR Failed to retrieve data from collector error="list: failed to list: Get "https://8FC721A9E1108C283C54D098D686A42B.yl4.us-west-2.eks.amazonaws.com/api/v1/secrets?labelSelector=owner%3Dhelm\": getting credentials: exec: exec: "aws": executable file not found in $PATH" name="Helm v3"
```
Hi @shomeprasanjit - the error seems to be different. The first one you shared was about missing permissions:
The second error:
seems to be referring to the missing There should be no need for one inside the container, as since #237 kubent should correctly recognize that it's being executed from within the cluster and pick up the relevant service account.
Hello @stepanstipl, I didn't install
Here is the full manifest for your reference.
Here is my kubeconfig
Can you please provide me a correct manifest to implement it from within a Kubernetes environment?
@shomeprasanjit just to confirm, you're trying to connect to the very same cluster where your pod is running, correct? If so, there's no need for the kubeconfig at all, simply remove it from your pod (also you should not need the awscli - that was because of the
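A minimal in-cluster setup along the lines discussed above, as an added example that is not part of the original thread or the project's own manifests: a dedicated ServiceAccount bound to a read-only ClusterRole (rather than cluster-admin or the node role) and a CronJob with no kubeconfig mounted. The names, namespace, schedule and image reference are placeholders, and the wildcard read rule follows the suggestion made earlier in the thread.

```yaml
# Added example; names, namespace, schedule and image are placeholders.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: kubent
  namespace: kubent        # assumed to exist already
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: kubent-reader
rules:
  # Read-only verbs as suggested in the thread. The wildcard includes
  # Secrets cluster-wide, which the Helm collectors list (see errors above).
  - apiGroups: ["*"]
    resources: ["*"]
    verbs: ["get", "watch", "list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kubent-reader
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: kubent-reader
subjects:
  - kind: ServiceAccount
    name: kubent
    namespace: kubent
---
apiVersion: batch/v1         # batch/v1beta1 on clusters older than 1.21
kind: CronJob
metadata:
  name: kubent
  namespace: kubent
spec:
  schedule: "0 6 * * *"      # constructed: daily at 06:00
  concurrencyPolicy: Forbid
  jobTemplate:
    spec:
      template:
        spec:
          serviceAccountName: kubent   # in-cluster credentials, no kubeconfig
          restartPolicy: Never
          containers:
            - name: kubent
              image: REPLACE_WITH_YOUR_KUBENT_IMAGE   # placeholder
              securityContext:
                allowPrivilegeEscalation: false
```

`kubectl auth can-i list secrets --as=system:serviceaccount:kubent:kubent` confirms the binding took effect before the first scheduled run.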
Hi, I've prepared #302 which comes with a functional cronjob, pushgateway and grafana dashboard - more details in my fork https://github.com/milanholubstratox/kube-no-trouble/blob/CNINF-502-kubernetes-cronjob-deployment/docs/kubernetes-deploy-cronjob.md Please check it out! @stepanstipl - could you review my PR?
Message to comment on stale issues. If none provided, will not mark issues stale
This Issue was closed because it has been stalled for 30 days with no activity.
This should be covered in #241
@stepanstipl: I am trying to run kubent within a pod and have created a Docker container for the same. I am getting the below error while trying to do so.
Checked system:node clusterrole which already has the necessary permission for accessing secrets.
Also, provide cluster-admin role to a service account IVT which is used for spinning up the cronjob or deployment.
The requirement is to identify: