Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

speaker rbac missing event create/ patch rights #456

Closed
juliantaylor opened this issue Jul 23, 2019 · 1 comment

Comments

@juliantaylor
Copy link

commented Jul 23, 2019

metallb 0.8.0:

The speaker clusterrole does not contain rights to create and patch events in all namespaces:
https://github.com/danderson/metallb/blob/master/helm-chart/templates/rbac.yaml#L27

but the speaker tries to create events in the namespace of the services:
https://github.com/danderson/metallb/blob/master/speaker/main.go#L246

the config-watcher rbac role does contain event creation rights, but it is a rolebinding and this does not necessarily apply the to namespace of the service. Also it is missing the patch right.

@danderson

This comment has been minimized.

Copy link
Owner

commented Jul 24, 2019

Thanks for both your bug reports! I'll get these fixed and 0.8.1 released later today.

@danderson danderson closed this in 12ec4ac Jul 25, 2019

danderson added a commit that referenced this issue Jul 25, 2019

Grant event create/patch on all namespaces to the speaker.
This allows the speaker to publish events about which nodes are
announcing services.

Fixes #456

(cherry picked from commit 12ec4ac)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants
You can’t perform that action at this time.