Broker permission error

[mattfarina]

I got the error:

controller.go:293] error getting the cluster info configmap: "configmaps \"cluster-info\" is forbidden: User \"system:serviceaccount:svc-cat:service-catalog-controller-manager\" cannot get configmaps in the namespace \"default\""

The service-catalog-controller-manager didn't have permission. It was causing a ErrorFetchingCatalog error.

I fixed it, for the moment, by giving the service account:

roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin

I didn't get this in other environments I've run the catalog in.

Disclaimer, I read the warning "This is still a work-in-progress, it's not usable yet." but I wanted to try anyway. Figured I'd pass this on.

[mattfarina]

Note, I did use make create-cluster to make the cluster I used.

[carolynvs]

That actually isn't an error, though service catalog logs it as such. 😀 Catalog is trying to get the id of the cluster to report it to the broker.

https://github.com/kubernetes-incubator/service-catalog/blob/5c43dec9f1cb3966d2dc2e643511371d2458b858/pkg/controller/controller.go#L294

Seem like either shouldn't be logged at all by service catalog (it's kind of an optional thing that may or may not be allowed), or at least should be a FYI/Warning, not an error.

Since this isn't related to minibroker, I'm going to close this and open an issue in the service catalog repo to ask about that log entry.

[carolynvs]

Here's the new issue to track this question: kubernetes-retired/service-catalog#1973