Operator-sdk issue
Question
I had an Operator, and deploy it on 3 different namespaces in the same cluster, then I got the following errors. I could not figure out what's wrong here and how to fix them? Any idea for that?
E1111 15:02:48.398838 1 reflector.go:178] pkg/mod/k8s.io/client-go@v0.18.6/tools/cache/reflector.go:125: Failed to list *v1alpha1.Bird: Birds.xxxx.com is forbidden: User "system:serviceaccount:aaaa-test:default" cannot list resource "Birds" in API group "xxxx.com" in the namespace "aaaa-test"
E1111 15:02:50.193666 1 reflector.go:178] pkg/mod/k8s.io/client-go@v0.18.6/tools/cache/reflector.go:125: Failed to list *v1alpha1.Bird: Birds.xxxx.com is forbidden: User "system:serviceaccount:aaaa-test:default" cannot list resource "Birds" in API group "xxxx.com" in the namespace "aaaa-test"
1 answers
solution1
0 ACCPTED 2020-11-12 10:39:01
This message means that the service account you use for your Operator does misses certain permissions. You need to add Role which has permissions to list the resource Birds .
Something like this:
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: operator
rules:
- apiGroups:
- xxxx.com
resources:
- birds
verbs:
- list
Needless to say, you also need to add ClusterRoleBinding .
Please check more details in the example: Build Your Operator with the Right Tool .
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.