Comments (2)
wibed
commented on August 11, 2024
to specify further.
the namespace, serviceaccount, clusterrole aswell as the clusterrolebinding are set.
i still get the, xxx is forbidden resource... access denied.
Name: cluster0-kubernetes-replicator
Labels: app.kubernetes.io/instance=cluster0
app.kubernetes.io/managed-by=Helm
app.kubernetes.io/name=kubernetes-replicator
app.kubernetes.io/version=v2.9.1
helm.sh/chart=kubernetes-replicator-2.9.1
Annotations: <none>
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
configmaps [] [] [get watch list create update patch delete describe]
cronjobs [] [] [get watch list create update patch delete describe]
deployments [] [] [get watch list create update patch delete describe]
events [] [] [get watch list create update patch delete describe]
ingresses [] [] [get watch list create update patch delete describe]
jobs [] [] [get watch list create update patch delete describe]
pods/attach [] [] [get watch list create update patch delete describe]
pods/exec [] [] [get watch list create update patch delete describe]
pods/log [] [] [get watch list create update patch delete describe]
pods/portforward [] [] [get watch list create update patch delete describe]
pods [] [] [get watch list create update patch delete describe]
rolebindings [] [] [get watch list create update patch delete describe]
roles [] [] [get watch list create update patch delete describe]
secrets [] [] [get watch list create update patch delete describe]
services [] [] [get watch list create update patch delete describe]
configmaps.apps [] [] [get watch list create update patch delete describe]
cronjobs.apps [] [] [get watch list create update patch delete describe]
deployments.apps [] [] [get watch list create update patch delete describe]
events.apps [] [] [get watch list create update patch delete describe]
ingresses.apps [] [] [get watch list create update patch delete describe]
jobs.apps [] [] [get watch list create update patch delete describe]
pods.apps/attach [] [] [get watch list create update patch delete describe]
pods.apps/exec [] [] [get watch list create update patch delete describe]
pods.apps/log [] [] [get watch list create update patch delete describe]
pods.apps/portforward [] [] [get watch list create update patch delete describe]
pods.apps [] [] [get watch list create update patch delete describe]
rolebindings.apps [] [] [get watch list create update patch delete describe]
roles.apps [] [] [get watch list create update patch delete describe]
secrets.apps [] [] [get watch list create update patch delete describe]
services.apps [] [] [get watch list create update patch delete describe]
configmaps.batch [] [] [get watch list create update patch delete describe]
cronjobs.batch [] [] [get watch list create update patch delete describe]
deployments.batch [] [] [get watch list create update patch delete describe]
events.batch [] [] [get watch list create update patch delete describe]
ingresses.batch [] [] [get watch list create update patch delete describe]
jobs.batch [] [] [get watch list create update patch delete describe]
pods.batch/attach [] [] [get watch list create update patch delete describe]
pods.batch/exec [] [] [get watch list create update patch delete describe]
pods.batch/log [] [] [get watch list create update patch delete describe]
pods.batch/portforward [] [] [get watch list create update patch delete describe]
pods.batch [] [] [get watch list create update patch delete describe]
services.batch [] [] [get watch list create update patch delete describe]
configmaps.extensions [] [] [get watch list create update patch delete describe]
cronjobs.extensions [] [] [get watch list create update patch delete describe]
deployments.extensions [] [] [get watch list create update patch delete describe]
events.extensions [] [] [get watch list create update patch delete describe]
ingresses.extensions [] [] [get watch list create update patch delete describe]
jobs.extensions [] [] [get watch list create update patch delete describe]
pods.extensions/attach [] [] [get watch list create update patch delete describe]
pods.extensions/exec [] [] [get watch list create update patch delete describe]
pods.extensions/log [] [] [get watch list create update patch delete describe]
pods.extensions/portforward [] [] [get watch list create update patch delete describe]
pods.extensions [] [] [get watch list create update patch delete describe]
rolebindings.extensions [] [] [get watch list create update patch delete describe]
roles.extensions [] [] [get watch list create update patch delete describe]
secrets.extensions [] [] [get watch list create update patch delete describe]
services.extensions [] [] [get watch list create update patch delete describe]
serviceaccounts [] [] [get watch list create update patch delete]
rolebindings.rbac.authorization.k8s.io [] [] [get watch list create update patch delete]
roles.rbac.authorization.k8s.io [] [] [get watch list create update patch delete]
namespaces [] [] [get watch list]from kubernetes-replicator.
wibed
commented on August 11, 2024
solution
was to keep the name empty, as it has to be the configured fullname administered.
serviceAccount:
create: true
annotations: {}
name:
privileges:
- apiGroups: [ "", "apps", "extensions" ]
resources: ["secrets", "configmaps", "roles", "rolebindings", "cronjobs", "deployments", "events", "ingresses", "jobs", "pods", "pods/attach", "pods/exec", "pods/log", "pods/portforward", "services"]
verbs: ["get", "watch", "list", "create", "update", "patch", "delete"]
- apiGroups: [ "batch" ]
resources: ["configmaps", "cronjobs", "deployments", "events", "ingresses", "jobs", "pods", "pods/attach", "pods/exec", "pods/log", "pods/portforward", "services"]
verbs: ["get", "watch", "list", "create", "update", "patch", "delete"]from kubernetes-replicator.
Related Issues (20)
- Allow replication of only certain keys
- Publishing a new Helm Chart version HOT 1
- New Release Timeline? HOT 1
- How to reduce log level to warning from info HOT 10
- how often does the controller check secrets for changes and re-synch? HOT 1
- Allow setting an arbitrary name for the copied Secret resource
- Configurable object types only being replicated HOT 4
- Replication fails randomly on different namespaces during initial startup
- ServiceAccount replication doesn't preserve annotations HOT 1
- Secrets has been deployed with khelm and ArgoCD wants to delete it
- Support replication for Custom Resource
- Proposal: "Pull-based" Replication Using Service Account for Kubernetes-Replicator
- Question Regarding Kubernetes-Replicator's Version Support Policy HOT 1
- fix: secret is replicated to only partial namespaces HOT 1
- not reliable replication
- Allow to disable secret overwrite. Use annotation to protect original values of existing secret in target namespace HOT 1
- Replicatior keep track of removed secrets and loop for wildcard regex in replication-allowed-namespaces.
- Failed to watch secrets: Stream Error
- Helm chart down? HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from kubernetes-replicator.