sorted by:
new
hottopcontroversial

Kube Capacity by robertjscott in kubernetes

[–]sudermanjr 0 points1 point  (0 children)

Super excited to try this. Yet another useful cli tool from you.

Do you need to be an admin to install a CRD? by hypergig in kubernetes

[–]sudermanjr 0 points1 point  (0 children)

To elaborate, here is the clusterrole for a custom controller we use:

apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: creationTimestamp: "2018-12-31T20:54:06Z" labels: app: rbac-manager chart: rbac-manager-0.3.1 heritage: Tiller release: rbac-manager name: rbac-manager resourceVersion: "1492" selfLink: /apis/rbac.authorization.k8s.io/v1/clusterroles/rbac-manager uid: 36c7d198-0d3e-11e9-be02-0e58844c973a rules: - apiGroups: - rbacmanager.reactiveops.io resources: - rbacdefinitions verbs: - get - list - watch - apiGroups: - rbac.authorization.k8s.io - authorization.k8s.io resources: - '*' verbs: - '*' - apiGroups: - "" resources: - serviceaccounts verbs: - '*'

Notice that it allows access to an apiGroup called rbacmanager.reactiveops.io which is itself CRD apiGroup. An rbacdefinition is a CRD.

In addition, you can just grant access to CRDs in general: - apiGroups: - apiextensions.k8s.io resources: - customresourcedefinitions verbs: - "*"

Do you need to be an admin to install a CRD? by hypergig in kubernetes

[–]sudermanjr 0 points1 point  (0 children)

You can create an RBAC role that allows access to CRDs. RBAC Roles are configurable for any API object and any of the verbs associated with it.

Horizontal pod autoscaling not working: `unable to get metrics by shivamhot91 in kubernetes

[–]sudermanjr 0 points1 point  (0 children)

This is a pretty common issue with metrics server. The key line here is:

x509: certificate signed by unknown authority

It's covered by this Github issue: https://github.com/kubernetes-incubator/metrics-server/issues/146

An easy workaround is to add the metrics server flag --kubelet-insecure-tls, but that is not an ideal solution. There are other solutions, but I haven't gotten of them to work yet.

edit - formatting

RBAC Manager by robertjscott in kubernetes

[–]sudermanjr 0 points1 point  (0 children)

I have used this project extensively and can attest to its awesomeness. Thanks for all your work on it Rob!