roman-popenov opened a new issue #6143: Add the rbac policy to give the brokers permissions to deploy functions URL: https://github.com/apache/pulsar/issues/6143 It is possible to set the `Functions` environment as **Kubernetes** so that they can be scheduled and run in a pod. First, the broker should have a `serviceAccountName` set. Second, in order for the broker to deploy functions it needs to have rbac policy set. Currently, one would need to create a yaml object definition file and apply it manually. It would be great to have that file already in the `deployment` folder. ``` apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRole metadata: name: functions-worker rules: - apiGroups: [""] resources: - services - configmaps - pods verbs: - '*' - apiGroups: - apps resources: - statefulsets verbs: - '*' --- apiVersion: v1 kind: ServiceAccount metadata: name: functions-worker --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding metadata: name: functions-worker roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: functions-worker subjects: - kind: ServiceAccount name: functions-worker namespace: pulsar ``` It would also be great to add a flag `functions_rbac` to helm charts so the configuration from above could be written as a template and the deployment more streamlined.
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services
