Confluence DC depends on RBAC to work

Open hoeghh opened this issue 5 years ago • 0 comments

When using Confluence DC the entry point script depends on RBAC to be enabled. If it's not possible to implement without, this is ok, but there is a way that doesn't depend on RBAC.

I've tested it with multitool.

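```shell
kubectl create deployment multitool --image=praqma/network-multitool
kubectl scale deployment multitool --replicas=3

# Headless Service (clusterIP: None): DNS returns the pod IPs directly.
# A quoted heredoc keeps the inner double quotes intact in the YAML file.
cat <<'EOF' > multitool-service.yaml
apiVersion: v1
kind: Service
metadata:
  labels:
    app: multitool
  name: multitool
  namespace: default
spec:
  clusterIP: "None"
  selector:
    app: multitool
  type: ClusterIP
status:
  loadBalancer: {}
EOF

kubectl apply -f multitool-service.yaml
```

```shell
kubectl exec -it multitool-7885b5f94f-6kjll -- bash
```

```shell
# Run inside the pod: list the A records of the Service, comma-separated.
host multitool | grep has | cut -d " " -f 4 | tr "\n" "," | sed -e 's/,$//'
```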

The above will give us

10.42.1.32,10.42.1.31,10.42.0.27

If we scale it down again to 1, and run the host command, it still works

10.42.0.27

In the file docker-entrypoint.sh at line 149 we use curl to get healthy endpoints from the API server, though this requires RBAC permissions to do so.

```shell
CLUSTER_PEER_IPS=$(curl -sSk -H "Authorization: Bearer $KUBE_TOKEN" https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_PORT_443_TCP_PORT/api/v1/namespaces/${CONFLUENCE_NAMESPACE}/endpoints/${CONFLUENCE_SERVICE_NAME} | jq -r .subsets[].addresses[].ip | paste -sd "," -)
```

It could be replaced with something like

```shell
host "$CONFLUENCE_SERVICE_NAME" | grep has | cut -d " " -f 4 | tr "\n" "," | sed -e 's/,$//'
```

Much more elegant, and with no RBAC needed.

hoeghh, Mar 02 '20 07:03
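A stricter version of the DNS-based peer lookup proposed in the issue above, as an added example that is not code from the issue or from the project's docker-entrypoint.sh. The function names `parse_peer_ips` and `resolve_cluster_peers` are hypothetical, and the sample `host` output is constructed.

```shell
#!/bin/sh
# Added example: names below are hypothetical, not from docker-entrypoint.sh.

# Constructed sample of `host <headless-service>` output (the IPv6 line is invented).
SAMPLE_HOST_OUTPUT='multitool.default.svc.cluster.local has address 10.42.1.32
multitool.default.svc.cluster.local has address 10.42.1.31
multitool.default.svc.cluster.local has IPv6 address fd00::1f'

# Read `host` output on stdin and print the peer IPs comma-separated.
# Matching the whole "has address" / "has IPv6 address" phrase and taking the
# last field avoids the fixed-column problem: `cut -d " " -f 4` would emit the
# word "address" for an IPv6 record. Values that do not look like an IP are
# dropped. Exit status is 1 when no address was found.
parse_peer_ips() {
    awk '
        / has (IPv6 )?address / && $NF ~ /^[0-9A-Fa-f:.]+$/ { ips[n++] = $NF }
        END {
            for (i = 0; i < n; i++) printf "%s%s", (i ? "," : ""), ips[i]
            if (n) printf "\n"
            exit (n ? 0 : 1)
        }'
}

# Resolve the Service by name and fail loudly instead of returning an empty
# peer list, e.g. when no pod behind the Service is Ready yet.
resolve_cluster_peers() {
    svc=$1
    out=$(host "$svc" 2>/dev/null) || true
    peers=$(printf '%s\n' "$out" | parse_peer_ips) || {
        echo "no peer addresses found for service '$svc'" >&2
        return 1
    }
    printf '%s\n' "$peers"
}

# Demo on the constructed sample; in the entrypoint this would instead be:
#   CLUSTER_PEER_IPS=$(resolve_cluster_peers "$CONFLUENCE_SERVICE_NAME") || exit 1
printf '%s\n' "$SAMPLE_HOST_OUTPUT" | parse_peer_ips
```

Because the lookup goes to cluster DNS rather than the API server, the pod needs no service-account token or Role for it.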