Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Doesn't it work with RBAC? #6

Open
horakmar opened this issue Jan 18, 2018 · 0 comments
Open

Doesn't it work with RBAC? #6

horakmar opened this issue Jan 18, 2018 · 0 comments

Comments

@horakmar
Copy link

Hi.
Is this still usable thing? I need exactly its functionality (freezing pods data volumes) and was very pleased, that something exists for it. Unfortunately it doesn't work with my new version of Kube cluster. :-(
I am new to Kubernetes and have no Go abilities, so please consider it if possible.
I installed according to README (secret, minions, apiserver, service).
Then I tried to list (or freeze) volume from apiserver pod:

# kvfctl list dokuwiki-656455b4f-5hhcg -t '<token>' -v
INFO[0000] Turn on verbose logging                      
Unauthorized

Apiserver says:

$ kub logs kube-volume-freezer-apiserver-846bd7d456-ndd88 -f
time="2018-01-18T12:16:52Z" level=info msg="Turn on authentication for clients" 
time="2018-01-18T12:16:52Z" level=info msg="Use token to authenticate to Minions" 
time="2018-01-18T12:16:52Z" level=info msg="Start listening on 0.0.0.0:8080" 
time="2018-01-18T12:19:32Z" level=error msg="Handler for GET /volumes/default/dokuwiki-6564c55b4f-5hhcg returned 500 Unauthorized" 

The token and authentication to freezer-apiserver seems to be OK, because when I use invalid token then apiserver doesn't print that Unauthorized line to the log.

My opinion is, that it has to use some RBAC settings (roles, rolebindings), but I don't know what.

Or, is there any other solution for volume freezing?
Thank you very much for answer.

@horakmar horakmar changed the title Doesn't work with RBAC? Doesn't it work with RBAC? Jan 18, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant