linkerd2 icon indicating copy to clipboard operation
linkerd2 copied to clipboard
verified publisher icon linkerd

linkerd-failover lacks RBAC to publish events

Open alpeb opened this issue 3 years ago • 1 comments

Using linkerd-failover 0.1.0, as soon as a TS gets applied, this appears in the linkerd-failover pod:

2022-07-28T16:23:36.638595Z ERROR patch:patch{namespace=emojivoto trafficsplit=my-weights}: linkerd_failover_controller::traffic_split: failed to record event error=ApiError: events.events.k8s.io is forbidden: User "system:serviceaccount:linkerd-failover:linkerd-failover" cannot create resource "events" in API group "events.k8s.io" in the namespace "emojivoto": Forbidden (ErrorResponse { status: "Failure", message: "events.events.k8s.io is forbidden: User \"system:serviceaccount:linkerd-failover:linkerd-failover\" cannot create resource \"events\" in API group \"events.k8s.io\" in the namespace \"emojivoto\"", reason: "Forbidden", code: 403 })

Solution

Add Event create permissions into the linkerd-failover ClusterRole

alpeb avatar Jul 28 '22 19:07 alpeb

I can take this up.

shardulsrivastava avatar Jul 28 '22 19:07 shardulsrivastava

@alpeb , I want to work on this issue, could you assign me.

sanjeev98kumar avatar Sep 25 '22 18:09 sanjeev98kumar

Assigned to you @sanjeev98kumar , let me know if you have any questions :-)

alpeb avatar Sep 26 '22 14:09 alpeb

Hey @sanjeev98kumar are u working on this issue ?

ashiskumarnaik avatar Oct 03 '22 10:10 ashiskumarnaik