[
https://issues.apache.org/jira/browse/YUNIKORN-1775?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
PoAn Yang updated YUNIKORN-1775:
--------------------------------
Description:
Deploy the admission-controller with YAML files in yunikorn-k8shim:
{code:java}
kubectl create namespace yunikorn
kubectl apply -f deployments/scheduler/admission-controller-rbac.yaml
--namespace yunikorn
kubectl apply -f deployments/scheduler/admission-controller-secrets.yaml
--namespace yunikorn
kubectl apply -f deployments/scheduler/admission-controller.yaml --namespace
yunikorn{code}
We will get errors in the yunikorn-admission-controller pod.
{code:java}
E0531 12:36:25.095445 1 reflector.go:138]
pkg/mod/k8s.io/[email protected]/tools/ca
che/reflector.go:167: Failed to watch *v1.Namespace: failed to list
*v1.Namespace: namespa
ces is forbidden: User
"system:serviceaccount:yunikorn:yunikorn-admission-controller" cann
ot list resource "namespaces" in API group "" at the cluster scope {code}
was:
Deploy the admission-controller with YAML files in yunikorn-k8shim:
{code:java}
kubectl create namespace yunikorn
kubectl apply -f deployments/scheduler/admission-controller-rbac.yaml
--namespace yunikorn
kubectl apply -f deployments/scheduler/admission-controller-secrets.yaml
--namespace yunikorn
kubectl apply -f deployments/scheduler/admission-controller.yaml --namespace
yunikorn{code}
We will get errors in the yunikorn-admission-controller pod.
{code:java}
E0531 12:36:25.095445 1 reflector.go:138]
pkg/mod/k8s.io/[email protected]/tools/ca
che/reflector.go:167: Failed to watch *v1.Namespace: failed to list
*v1.Namespace: namespa
ces is forbidden: User
"system:serviceaccount:yunikorn:yunikorn-admission-controller" cann
ot list resource "namespaces" in API group "" at the cluster scope {code}
> Admission cluster role doesn't have enough permission to run admission
> ----------------------------------------------------------------------
>
> Key: YUNIKORN-1775
> URL: https://issues.apache.org/jira/browse/YUNIKORN-1775
> Project: Apache YuniKorn
> Issue Type: Bug
> Components: shim - kubernetes
> Reporter: PoAn Yang
> Assignee: PoAn Yang
> Priority: Minor
> Original Estimate: 24h
> Remaining Estimate: 24h
>
> Deploy the admission-controller with YAML files in yunikorn-k8shim:
> {code:java}
> kubectl create namespace yunikorn
> kubectl apply -f deployments/scheduler/admission-controller-rbac.yaml
> --namespace yunikorn
> kubectl apply -f deployments/scheduler/admission-controller-secrets.yaml
> --namespace yunikorn
> kubectl apply -f deployments/scheduler/admission-controller.yaml --namespace
> yunikorn{code}
> We will get errors in the yunikorn-admission-controller pod.
> {code:java}
> E0531 12:36:25.095445 1 reflector.go:138]
> pkg/mod/k8s.io/[email protected]/tools/ca
> che/reflector.go:167: Failed to watch *v1.Namespace: failed to list
> *v1.Namespace: namespa
> ces is forbidden: User
> "system:serviceaccount:yunikorn:yunikorn-admission-controller" cann
> ot list resource "namespaces" in API group "" at the cluster scope {code}
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
