-
Notifications
You must be signed in to change notification settings - Fork 450
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support to KUBECONFIG env var #113
Comments
Thanks @fandujar I started playing around with mizu few mins back. I don't have permission on ALL resources on the cluster but I am limited to a specific namespace. I was wondering what permission would it need to run mizu ? I see below error even when I specify the namespace using -n option
Happy to update the documentation once I find the answer. |
Opened pull request #114 |
The minimum permissions needed are (currently for the - apiGroups:
- ""
- apps
resources:
- pods
- services
verbs:
- list
- get
- create
- delete
- apiGroups:
- ""
- apps
resources:
- daemonsets
verbs:
- list
- get
- create
- patch
- delete You won't be able to run mizu at all without these resources. For traffic ip to k8s service name resolving to work you'll need these optional permissions: - apiGroups:
- ""
- apps
- "rbac.authorization.k8s.io"
resources:
- clusterroles
- clusterrolebindings
- serviceaccounts
verbs:
- get
- create
- delete This will allow mizu to create the necessary rbac resources that give mizu permissions to watch the cluster's pods, services and endpoints in order to resolve traffic ips. |
Thanks @RamiBerm - this issue can be closed - both pull requests are merged. |
kubectl supports a KUBECONFIG env var that allows us to use other kubeconfig file instead of default $HOME/.kube/config
It would be good to support it as well
The text was updated successfully, but these errors were encountered: