[ https://issues.apache.org/jira/browse/IGNITE-8081?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16490443#comment-16490443 ]

Sacchetti Michele commented on IGNITE-8081:
-------------------------------------------

Since the configuration on the link is missing the proper "endpoints" permission, I 
report here my working configuration.

K8: 1.9.2
Ignite: 2.4.0


{code}
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: ignite
  namespace: MY_NAMESPACE

---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
  name: ignite
  namespace: MY_NAMESPACE
rules:
- apiGroups:
  - ""
  resources:
  - pods
  - endpoints
  verbs:
  - get
  - list
  - watch

---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: ignite
roleRef:
  kind: ClusterRole
  name: ignite
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
  name: ignite
  namespace: MY_NAMESPACE

....

---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: ignite
  namespace: MY_NAMESPACE
  labels:
    app: ignite
...
spec:
  template:
    spec:
      serviceAccountName: ignite
{code}


> Document Kubernetes RBAC configuration to avoid 403 exception
> -------------------------------------------------------------
>
>                 Key: IGNITE-8081
>                 URL: https://issues.apache.org/jira/browse/IGNITE-8081
>             Project: Ignite
>          Issue Type: New Feature
>          Components: documentation
>            Reporter: Denis Magda
>            Priority: Major
>             Fix For: 2.6
>
>
> It's reported by the users that sometimes Ignite Kubernetes IP finder fails 
> to join the cluster due to security issues. To prevent the exception 
> happening we need to document how to set up a Service Account for Ignite pods:
> https://stackoverflow.com/questions/49395481/how-to-setmasterurl-in-ignite-xml-config-for-kubernetes-ipfinder/49405879#49405879
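
An added example, not part of the comment or of the Ignite project: a simplified model of how Kubernetes RBAC matches rules, showing why a role without `endpoints` ends in the 403 and how far the ClusterRoleBinding in the comment reaches compared with a namespaced Role/RoleBinding. The namespace `demo` (standing in for MY_NAMESPACE), the helper names and all sample objects are constructed; whether the narrower namespaced grant is enough for a given Ignite deployment is an assumption to verify.

```python
# Simplified model of Kubernetes RBAC matching (added example; ignores
# resourceNames, user/group subjects and aggregated roles).

def rule_allows(rule, verb, resource, api_group=""):
    hit = lambda values, wanted: "*" in values or wanted in values
    return (hit(rule.get("apiGroups", []), api_group)
            and hit(rule.get("resources", []), resource)
            and hit(rule.get("verbs", []), verb))

def grant_scope(objects, sa, sa_ns, verb, resource, target_ns):
    """Return "cluster", "namespace" or None (None means the API answers 403)."""
    roles = {(o["kind"], o["metadata"].get("namespace") if o["kind"] == "Role" else None,
              o["metadata"]["name"]): o
             for o in objects if o["kind"] in ("Role", "ClusterRole")}
    scope = None
    for b in objects:
        if b["kind"] not in ("RoleBinding", "ClusterRoleBinding"):
            continue
        if not any(s["kind"] == "ServiceAccount" and s["name"] == sa
                   and s.get("namespace") == sa_ns for s in b.get("subjects", [])):
            continue
        ref, b_ns = b["roleRef"], b["metadata"].get("namespace")
        if b["kind"] == "RoleBinding" and b_ns != target_ns:
            continue  # a RoleBinding only applies inside its own namespace
        role = roles.get((ref["kind"], b_ns if ref["kind"] == "Role" else None, ref["name"]))
        if role and any(rule_allows(r, verb, resource) for r in role.get("rules", [])):
            if b["kind"] == "ClusterRoleBinding":
                return "cluster"  # the grant holds in every namespace
            scope = "namespace"
    return scope

def role(kind, resources, ns=None):
    return {"kind": kind, "metadata": {"name": "ignite", "namespace": ns},
            "rules": [{"apiGroups": [""], "resources": resources,
                       "verbs": ["get", "list", "watch"]}]}

def binding(kind, role_kind, ns=None):
    return {"kind": kind, "metadata": {"name": "ignite", "namespace": ns},
            "roleRef": {"kind": role_kind, "name": "ignite"},
            "subjects": [{"kind": "ServiceAccount", "name": "ignite", "namespace": "demo"}]}

# Constructed sample objects; "demo" stands in for MY_NAMESPACE.
NO_ENDPOINTS = [role("ClusterRole", ["pods"]), binding("ClusterRoleBinding", "ClusterRole")]
AS_POSTED = [role("ClusterRole", ["pods", "endpoints"], "demo"), binding("ClusterRoleBinding", "ClusterRole")]
NAMESPACED = [role("Role", ["pods", "endpoints"], "demo"), binding("RoleBinding", "Role", "demo")]

def check(objects, target_ns="demo"):
    return grant_scope(objects, "ignite", "demo", "get", "endpoints", target_ns)
```

On a live cluster the same question is answered by `kubectl auth can-i get endpoints --as=system:serviceaccount:MY_NAMESPACE:ignite -n MY_NAMESPACE`.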


