```
time="2018-03-09T13:02:19Z" level=error msg="List Pods of service[prometheus] error:pods is forbidden: User "system:serviceaccount:default:external-dns" cannot list pods in the namespace "default""
time="2018-03-09T13:02:19Z" level=error msg="List Pods of service[prometheus-exporter] error:pods is forbidden: User "system:serviceaccount:default:external-dns" cannot list pods in the namespace "default""
time="2018-03-09T13:02:19Z" level=info msg="All records are already up to date"
```
The RBAC permissions I'm giving it are similar to the ones that were just documented, and neither calls out listing pods permissions.
```yaml
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
  labels:
    app: external-dns
    heritage: Tiller
    release: external-dns
    chart: external-dns-0.4.9
  name: external-dns
rules:
- apiGroups:
  - ""
  - extensions
  resources:
  - ingresses
  - services
  verbs:
  - get
  - list
  - watch
```
I think the RBAC (docs?) needs to be updated.
With the following ClusterRole configuration it works for me:
```yaml
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
  name: clusterrole-external-dns
rules:
- apiGroups:
  - ""
  resources:
  - services
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - pods
  verbs:
  - list
- apiGroups:
  - "extensions"
  resources:
  - ingresses
  verbs:
  - get
  - list
  - watch
```
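Added example, not part of the original thread and not external-dns code: a small Python check that pulls the `forbidden` denials out of log lines like the ones reported above and tests them against the rules of the two ClusterRoles posted in the thread. The function names, the `API_GROUP` map and the sample log are constructed for illustration, and the check assumes the role is bound cluster-wide with a ClusterRoleBinding.

```python
import re

# Denial format as it appears in the external-dns log lines in this thread.
DENIED = re.compile(
    r'User "(?P<user>[^"]+)" cannot (?P<verb>\w+) (?P<resource>[\w.-]+) '
    r'in the namespace "(?P<ns>[^"]+)"')

# API group per resource, as used by the ClusterRoles in this thread.
# Assumption: a resource not listed here is treated as core group "".
API_GROUP = {"pods": "", "services": "", "ingresses": "extensions"}

# The two ClusterRoles from the thread, reduced to their rules.
ORIGINAL_RULES = [
    {"apiGroups": ["", "extensions"], "resources": ["ingresses", "services"],
     "verbs": ["get", "list", "watch"]},
]
WORKING_RULES = [
    {"apiGroups": [""], "resources": ["services"],
     "verbs": ["get", "list", "watch"]},
    {"apiGroups": [""], "resources": ["pods"], "verbs": ["list"]},
    {"apiGroups": ["extensions"], "resources": ["ingresses"],
     "verbs": ["get", "list", "watch"]},
]

# Constructed sample, modelled on the log lines in the report.
SAMPLE_LOG = '''time="2018-03-09T13:02:19Z" level=error msg="List Pods of service[prometheus] error:pods is forbidden: User "system:serviceaccount:default:external-dns" cannot list pods in the namespace "default""
time="2018-03-09T13:02:19Z" level=error msg="List Pods of service[prometheus-exporter] error:pods is forbidden: User "system:serviceaccount:default:external-dns" cannot list pods in the namespace "default""
time="2018-03-09T13:02:19Z" level=info msg="All records are already up to date"
'''

def allows(rules, group, resource, verb):
    """RBAC is additive: one matching rule is enough. '*' is the wildcard."""
    def hit(values, wanted):
        return "*" in values or wanted in values
    return any(hit(r["apiGroups"], group) and hit(r["resources"], resource)
               and hit(r["verbs"], verb) for r in rules)

def denied_requests(log_text):
    """Distinct (user, verb, resource, namespace) denials, in log order."""
    return list(dict.fromkeys(
        (m["user"], m["verb"], m["resource"], m["ns"])
        for m in DENIED.finditer(log_text)))

def still_missing(rules, log_text):
    """(verb, resource) pairs denied in the log that the rules do not grant."""
    return [(verb, res) for _, verb, res, _ in denied_requests(log_text)
            if not allows(rules, API_GROUP.get(res, ""), res, verb)]

if __name__ == "__main__":
    print("original role still missing:", still_missing(ORIGINAL_RULES, SAMPLE_LOG))
    print("working role still missing: ", still_missing(WORKING_RULES, SAMPLE_LOG))
```

Running the same check over a longer log window before widening a role shows exactly which verb and resource pairs were denied, so the added rule can stay as narrow as the `list`-only pods rule above.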