Join GitHub today
I think this happened in vanilla 0.9.2 (although I saw it today while trying to test PR #162 )
What are the items I need for my RBAC role now? (This worked through 0.9.1)
I don't understand what I need that I don't have, since it looks like it should be "list pods", because here's my RBAC Role:
I'm running into issues as well, and looking through how to define these properly just now
Binding it to service-reader works for me
but binding to a custom service-account doesn't
Trying to figure out why
Are you still facing these issues?
A quick look again at your issue shows the error states you do not have permissions in
Could you try granting permissions to
Ah thanks for checking that. We really should cover this in the documentation. I'm going to re-open this until we have correctly documented things.
To create workers you need the following permissions
kind: Role apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: name: daskKubernetes rules: - apiGroups: - "" # indicates the core API group resources: - "pods" verbs: - "get" - "list" - "watch" - "create" - "delete" - apiGroups: - "" # indicates the core API group resources: - "pods/log" verbs: - "get" - "list"
For the new remote scheduler functionality you also need
- apiGroups: - "" # indicates the core API group resources: - "services" verbs: - "get" - "list" - "watch" - "create" - "delete"
We should add this to the documentation. @athornton do you have any interest in contributing this?