Skip to content
This repository has been archived by the owner on Oct 24, 2023. It is now read-only.

fix: add read perms for CSINodes to cluster-autoscaler role #2096

Merged
merged 1 commit into from Oct 3, 2019
Merged

fix: add read perms for CSINodes to cluster-autoscaler role #2096

merged 1 commit into from Oct 3, 2019

Conversation

mboersma
Copy link
Member

@mboersma mboersma commented Oct 3, 2019
edited

Reason for Change:
cluster-autoscaler 1.16+ wants to get, list, and watch v1beta1.CSINode objects. Without this permission it logs errors:

I1003 16:46:17.597992       1 scale_down.go:554] 2 nodes found to be unremovable in simulation, will re-check them at 2019-10-03 16:51:17.596782704 +0000 UTC m=+2433.908749086
I1003 16:46:17.598160       1 scale_down.go:785] No candidates for scale down
I1003 16:46:18.587192       1 reflector.go:158] Listing and watching *v1beta1.CSINode from k8s.io/client-go/informers/factory.go:134
E1003 16:46:18.588987       1 reflector.go:123] k8s.io/client-go/informers/factory.go:134: Failed to list *v1beta1.CSINode: csinodes.storage.k8s.io is forbidden: User "system:serviceaccount:kube-system:cluster-autoscaler" cannot list resource "csinodes" in API group "storage.k8s.io" at the cluster scope
I1003 16:46:19.589195       1 reflector.go:158] Listing and watching *v1beta1.CSINode from k8s.io/client-go/informers/factory.go:134
E1003 16:46:19.591188       1 reflector.go:123] k8s.io/client-go/informers/factory.go:134: Failed to list *v1beta1.CSINode: csinodes.storage.k8s.io is forbidden: User "system:serviceaccount:kube-system:cluster-autoscaler" cannot list resource "csinodes" in API group "storage.k8s.io" at the cluster scope

Issue Fixed:

Requirements:

Notes:
I tested that each permission (get, list, and watch) are actually required, and that this isn't an issue for Kubernetes cluster-autoscaler 1.15 and earlier.

@codecov
Copy link

codecov bot commented Oct 3, 2019

Codecov Report

Merging #2096 into master will not change coverage.
The diff coverage is n/a.

@@          Coverage Diff           @@
##           master   #2096   +/-   ##
======================================
  Coverage    76.6%   76.6%           
======================================
  Files         135     135           
  Lines       20606   20606           
======================================
  Hits        15786   15786           
  Misses       3897    3897           
  Partials      923     923

jackfrancis
jackfrancis approved these changes Oct 3, 2019
View reviewed changes
Copy link
Member

@jackfrancis jackfrancis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@acs-bot acs-bot added the lgtm label Oct 3, 2019
@acs-bot
Copy link

acs-bot commented Oct 3, 2019

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jackfrancis, mboersma

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:
  • OWNERS [jackfrancis,mboersma]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@jackfrancis jackfrancis added this to In progress in backlog Oct 3, 2019
@acs-bot acs-bot merged commit 25e93ef into Azure:master Oct 3, 2019
backlog automation moved this from In progress to Done Oct 3, 2019
@mboersma mboersma deleted the update-autoscaler-role branch October 8, 2019 15:03
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@jackfrancis jackfrancis jackfrancis approved these changes

Assignees

@jackfrancis jackfrancis

Labels
approved lgtm size/XS
Projects
No open projects
backlog
  
Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@mboersma @acs-bot @jackfrancis