stricklandye commented on issue #12722:
URL: https://github.com/apache/apisix/issues/12722#issuecomment-3479078239
@Baoyuantop Thanks for reply. After checking out all the logs of apisix
component, I found a issue may related to this thread. When I created a
`ApisixRoute` CRD, the `Apisix Ingress controller` pops out log like:
```
error ingress/status.go:107 failed to record status change for
ApisixRoute {"error": "apisixroutes.apisix.apache.org \"alert-manager-host\"
is forbidden: User \"system:serviceaccount:1-default-ns:apisix\" cannot update
resource \"apisixroutes/status\" in API group \"apisix.apache.org\" in the
namespace \"monitor\"", "name": "alert-manager-host", "namespace": "monitor"}
```
Indeed, the apisix gateway are deployed in namespace `1-default-ns`, so from
the log we can see that the gateway pod use its default serviceaccount to
update a `ApisixRoute` CRD which locates in `monitor` namespace. Is it
expected?
Again, I'm responsible for managing this k8s cluster recently, so I dont
know much about how it was managed before . 😢
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
