jwitko commented on code in PR #13747:
URL: https://github.com/apache/druid/pull/13747#discussion_r1100571768
##########
helm/druid/templates/broker/role.yaml:
##########
@@ -0,0 +1,21 @@
+{{- if .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "druid.broker.fullname" . }}
+ labels:
+ app: {{ include "druid.name" . }}
+ chart: {{ include "druid.chart" . }}
+ component: {{ .Values.broker.name }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - pods
+ - configmaps
+ verbs:
+ - '*'
Review Comment:
I found that when this role did not exist none of the pods could start.
They seem to all manage labels when using the kubernetes extension. Unclear if
they will remove when not needed the same as they add when needed. I can test
that and narrow down permission sets for each service.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
