From 5ea96fa6a001fcb0368274081069690d9277a3a2 Mon Sep 17 00:00:00 2001
From: Peter Rifel
Date: Wed, 12 Feb 2020 18:34:19 -0600
Subject: [PATCH] Add events RBAC permissions to kops-controller

I noticed in our new kops-controller logs that there is a permission denied error at startup. Apparently part of the leader election process involves creating and watching for events off of the kops-controller-leader configmap. This will add the necessary permissions to silence this error. https://storage.googleapis.com/kubernetes-jenkins/logs/ci-kubernetes-e2e-kops-aws/1227728236914413570/artifacts/ip-172-20-46-137.ap-northeast-2.compute.internal/kops-controller-6k9sz.log
---
 .../kops-controller.addons.k8s.io/k8s-1.16.yaml.template | 9 +++++++++
 .../bootstrapchannelbuilder/amazonvpc/manifest.yaml | 2 +-
 .../cilium/kops-controller.addons.k8s.io-k8s-1.16.yaml | 9 +++++++++
 .../tests/bootstrapchannelbuilder/cilium/manifest.yaml | 2 +-
 .../simple/kops-controller.addons.k8s.io-k8s-1.16.yaml | 9 +++++++++
 .../tests/bootstrapchannelbuilder/simple/manifest.yaml | 2 +-
 .../tests/bootstrapchannelbuilder/weave/manifest.yaml | 2 +-
 7 files changed, 31 insertions(+), 4 deletions(-)
diff --git a/upup/models/cloudup/resources/addons/kops-controller.addons.k8s.io/k8s-1.16.yaml.template b/upup/models/cloudup/resources/addons/kops-controller.addons.k8s.io/k8s-1.16.yaml.template
index 791ad1f5b130d..c183f15ce4840 100644
--- a/upup/models/cloudup/resources/addons/kops-controller.addons.k8s.io/k8s-1.16.yaml.template
+++ b/upup/models/cloudup/resources/addons/kops-controller.addons.k8s.io/k8s-1.16.yaml.template
@@ -139,6 +139,15 @@ metadata:
 name: kops-controller
 namespace: kube-system
 rules:
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - get
+ - list
+ - watch
+ - create
 - apiGroups:
 - ""
 resources:
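Review bot: The added `events` rule grants `get`, `list` and `watch` but not `patch`, which looks both broader and narrower than what an event recorder needs. As far as I know, client-go's recorder (used by leader election) only writes events: it issues `create` for a new event and `patch` when it folds a repeat into an existing one, so a permission-denied error may come back on repeated events, while the read verbs let the controller's service account read every event in `kube-system` without the hunk showing a consumer for them. Consider reducing the verbs to `- create` and `- patch`, with a comment above the rule such as `# leader election records events for the kops-controller-leader configmap`. The resource's `kind:` line lies outside the hunk, so this assumes a namespaced Role; the same rule is repeated in the cilium and simple expected-output fixtures, which would need regenerating together with the `manifestHash` values.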
diff --git a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/amazonvpc/manifest.yaml b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/amazonvpc/manifest.yaml
index 506d32cd8dd7f..9bd85ebd256dc 100644
--- a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/amazonvpc/manifest.yaml
+++ b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/amazonvpc/manifest.yaml
@@ -7,7 +7,7 @@ spec:
 - id: k8s-1.16
 kubernetesVersion: '>=1.16.0-alpha.0'
 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml
- manifestHash: 827a984420c7b24204f7713717b8ebc2a6f63db3
+ manifestHash: 9c35881670887d269f0eac0fa1f0c20509e6a8bb
 name: kops-controller.addons.k8s.io
 selector:
 k8s-addon: kops-controller.addons.k8s.io
diff --git a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/cilium/kops-controller.addons.k8s.io-k8s-1.16.yaml b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/cilium/kops-controller.addons.k8s.io-k8s-1.16.yaml
index 28e543874d0fc..22a7977ca6e18 100644
--- a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/cilium/kops-controller.addons.k8s.io-k8s-1.16.yaml
+++ b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/cilium/kops-controller.addons.k8s.io-k8s-1.16.yaml
@@ -121,6 +121,15 @@ metadata:
 name: kops-controller
 namespace: kube-system
 rules:
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - get
+ - list
+ - watch
+ - create
 - apiGroups:
 - ""
 resourceNames:
diff --git a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/cilium/manifest.yaml b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/cilium/manifest.yaml
index 1b1d066ae346a..dad4f7725f104 100644
--- a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/cilium/manifest.yaml
+++ b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/cilium/manifest.yaml
@@ -7,7 +7,7 @@ spec:
 - id: k8s-1.16
 kubernetesVersion: '>=1.16.0-alpha.0'
 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml
- manifestHash: 827a984420c7b24204f7713717b8ebc2a6f63db3
+ manifestHash: 9c35881670887d269f0eac0fa1f0c20509e6a8bb
 name: kops-controller.addons.k8s.io
 selector:
 k8s-addon: kops-controller.addons.k8s.io
diff --git a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/simple/kops-controller.addons.k8s.io-k8s-1.16.yaml b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/simple/kops-controller.addons.k8s.io-k8s-1.16.yaml
index 28e543874d0fc..22a7977ca6e18 100644
--- a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/simple/kops-controller.addons.k8s.io-k8s-1.16.yaml
+++ b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/simple/kops-controller.addons.k8s.io-k8s-1.16.yaml
@@ -121,6 +121,15 @@ metadata:
 name: kops-controller
 namespace: kube-system
 rules:
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - get
+ - list
+ - watch
+ - create
 - apiGroups:
 - ""
 resourceNames:
diff --git a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/simple/manifest.yaml b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/simple/manifest.yaml
index 3f4ca3d7d0212..04a14dd83ed36 100644
--- a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/simple/manifest.yaml
+++ b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/simple/manifest.yaml
@@ -7,7 +7,7 @@ spec:
 - id: k8s-1.16
 kubernetesVersion: '>=1.16.0-alpha.0'
 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml
- manifestHash: 827a984420c7b24204f7713717b8ebc2a6f63db3
+ manifestHash: 9c35881670887d269f0eac0fa1f0c20509e6a8bb
 name: kops-controller.addons.k8s.io
 selector:
 k8s-addon: kops-controller.addons.k8s.io
diff --git a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/weave/manifest.yaml b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/weave/manifest.yaml
index 236013900196c..8423e0b320bcd 100644
--- a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/weave/manifest.yaml
+++ b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/weave/manifest.yaml
@@ -7,7 +7,7 @@ spec:
 - id: k8s-1.16
 kubernetesVersion: '>=1.16.0-alpha.0'
 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml
- manifestHash: 827a984420c7b24204f7713717b8ebc2a6f63db3
+ manifestHash: 9c35881670887d269f0eac0fa1f0c20509e6a8bb
 name: kops-controller.addons.k8s.io
 selector:
 k8s-addon: kops-controller.addons.k8s.io