FesonX opened a new issue #887: URL: https://github.com/apache/apisix-ingress-controller/issues/887
### Issue description **Steps:** I follow the docs: [APISIX Ingress Controller the Hard Way](https://apisix.apache.org/zh/docs/ingress-controller/practices/the-hard-way#install-apisix-ingress-controller) in section "Install APISIX Ingress Controller" When I create apisixroute via file, it always return 404. When I create apisixroute via admin api, it works. **Errors:** ``` kubectl -n apisix get pods NAME READY STATUS RESTARTS AGE apisix-db9675749-9zql6 1/1 Running 0 3h22m apisix-ingress-controller-56674cc48f-2k7jw 1/1 Running 0 126m ``` I get the logs from `apisix-ingress-controller-56674cc48f-2k7jw`, it shows: ``` E0224 21:47:35.237379 1 leaderelection.go:330] error retrieving resource lock default/ingress-apisix-leader: leases.coordination.k8s.io "ingress-apisix-leader" is forbidden: User "system:serviceaccount:apisix:apisix-ingress-controller" cannot get resource "leases" in API group "coordination.k8s.io" in the namespace "default" ``` **Fixs:** I check the Issue #182 , looks like this is a cluster role binding permission error. Then I update the role resource define in section "Install APISIX Ingress Controller" from ``` ... apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: apisix-clusterrole namespace: apisix ... ``` to ``` ... apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: apisix-clusterrole ... ``` Which removes the namespace meta, and it works. I want to know am i right? or the docs should be updated? ### Environment - your apisix-ingress-controller version (output of apisix-ingress-controller version --long): `apache/apisix-ingress-controller:1.4.0` - your Kubernetes cluster version (output of kubectl version): Client Version: version.Info{Major:"1", Minor:"22", GitVersion:"v1.22.4", GitCommit:"b695d79d4f967c403a96986f1750a35eb75e75f1", GitTreeState:"clean", BuildDate:"2021-11-17T15:48:33Z", GoVersion:"go1.16.10", Compiler:"gc", Platform:"darwin/amd64"} - if you run apisix-ingress-controller in Bare-metal environment, also show your OS version (uname -a): -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
