AMQ Streams / ENTMQST-6905

Missing ClusterRoleBindings for Kafka and Kafka Connect rack-awareness


    • Type: Bug
    • Resolution: Unresolved
    • Priority: Critical
    • 3.0.1.GA
    • 3.0.1.GA

      When enabling rack awareness the operator requires the following ClusterRole:

      apiVersion: rbac.authorization.k8s.io/v1
      kind: ClusterRole
      metadata:
        name: strimzi-nodes-reader
      rules:
        - apiGroups: [""]
          resources: ["nodes"]
          verbs: ["get", "list"]
      

      The following error will occur when enabling rack awareness:

      Message: clusterrolebindings.rbac.authorization.k8s.io "strimzi-test01-connect-kafka-shared-connect-init" is forbidden: user "system:serviceaccount:test-connect:strimzi-cluster-operator" (groups=["system:serviceaccounts" "system:serviceaccounts:test-connect" "system:authenticated"]) is attempting to grant RBAC permissions not currently held:
      {APIGroups:[""], Resources:["nodes"], Verbs:["get"]}. Received status: Status(apiVersion=v1, code=403, details=StatusDetails(causes=[], group=rbac.authorization.k8s.io, kind=clusterrolebindings, name=strimzi-test-connect-kafka-shared-connect-init, retryAfterSeconds=null, uid=null, additionalProperties={}), kind=Status, message=clusterrolebindings.rbac.authorization.k8s.io "strimzi-test-connect-kafka-shared-connect-init" is forbidden: user "system:serviceaccount:test-connect:strimzi-cluster-operator" (groups=["system:serviceaccounts" "system:serviceaccounts:test-connect" "system:authenticated"]) is attempting to grant RBAC permissions not currently held:
      {APIGroups:[""], Resources:["nodes"], Verbs:["get"]}, metadata=ListMeta(_continue=null, remainingItemCount=null, resourceVersion=null, selfLink=null, additionalProperties={}), reason=Forbidden, status=Failure, additionalProperties={}).
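Added example, not part of the original report or of the operator's code: a Python parser for the RBAC escalation denial quoted above. It extracts the denied service account and the rules it lacks, then checks them against the ClusterRole rules from the report. The function names, the constructed sample message and the simplified coverage check (it ignores resourceNames and nonResourceURLs) are assumptions of this example.

```python
import re
from itertools import product

# Constructed sample: the denial from this report, reduced to one message.
SAMPLE = (
    'clusterrolebindings.rbac.authorization.k8s.io '
    '"strimzi-test-connect-kafka-shared-connect-init" is forbidden: user '
    '"system:serviceaccount:test-connect:strimzi-cluster-operator" '
    '(groups=["system:serviceaccounts" "system:authenticated"]) is attempting '
    'to grant RBAC permissions not currently held:\n'
    '{APIGroups:[""], Resources:["nodes"], Verbs:["get"]}'
)
# The ClusterRole rules quoted in the report.
NODES_READER = [{"apiGroups": [""], "resources": ["nodes"], "verbs": ["get", "list"]}]

CURLY = str.maketrans({"\u201c": '"', "\u201d": '"'})  # trackers often curl quotes
HEAD = re.compile(r'(\S+) "([^"]+)" is forbidden: user "([^"]+)".*?'
                  r'attempting to grant RBAC permissions not currently held:', re.S)
RULE = re.compile(r'\{APIGroups:\[(.*?)\], Resources:\[(.*?)\], Verbs:\[(.*?)\]\}')

def _items(s):
    return re.findall(r'"([^"]*)"', s)

def parse_escalation_denial(message):
    """Return the denied user, the object it tried to create and the rules it lacks."""
    text = message.translate(CURLY)
    head = HEAD.search(text)
    if head is None:
        return None  # not an escalation denial
    missing = []
    for g, r, v in RULE.findall(text, head.end()):
        rule = {"apiGroups": _items(g), "resources": _items(r), "verbs": _items(v)}
        if rule not in missing:  # the Status dump repeats the message
            missing.append(rule)
    return {"resource": head.group(1), "name": head.group(2),
            "user": head.group(3), "missing": missing}

def covers(held, rule):
    """Simplified coverage check: every (group, resource, verb) must be held."""
    def has(values, item):
        return "*" in values or item in values
    return all(
        any(has(h["apiGroups"], g) and has(h["resources"], r) and has(h["verbs"], v)
            for h in held)
        for g, r, v in product(rule["apiGroups"], rule["resources"], rule["verbs"]))

if __name__ == "__main__":
    denial = parse_escalation_denial(SAMPLE)
    print(denial["user"], "lacks", denial["missing"])
```

Kubernetes refuses to let a subject create a binding that grants permissions the subject does not itself hold, so a `covers` result of True for the operator's held rules is the condition that makes this 403 go away.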
      
      

              Unassigned
              Jason Sherman (rhn-support-jsherman)
              Lukas Kral