New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
RBAC project role (caching?) issue in Rancher v2.5 Cluster Explorer #31982
Comments
Initial read points to a schema error. Will need to repro here to isolate if it's UI and/or Server. |
@Jono-SUSE-Rancher should we transfer this over to rancher/rancher to have someone look on the backend? |
The bug is reproduced on v2.5-head 7426ba8 Following the steps from the issue and reproduce the bug on a node-driver cluser. |
Currently blocked on rancher/dashboard#2926 (can't create new project role) |
I'm currently investigating this, you should still be able to create project roles via the old ui though. |
@kravciak @richard-cox I investigated this issue and figured out the root cause. The problem is that the The fix for this will involve triggering a refresh of the data that is displayed on |
I was able to create roles this way, thanks. |
@JacieChao I tried the following tests but was not able to reproduce the issue on rancher v2.5.10.
|
@anupama2501 it seems @JacieChao is seeing this on Rancher with an HA local cluster, i.e. it sounds like the access control cache could be inconsistent on some nodes. Can you try a Rancher HA install instead of docker install? I can also try this repro if needed |
I was able to reproduce on HA with rke1 as local cluster. Re-opening the issue.
|
Thanks @anupama2501 I'll take a look at this to see if I can identify what's going on in the HA case |
Verified on v2.5-head
|
Verified by enabling openLDAP auth
|
What kind of request is this (question/bug/enhancement/feature request):
Bug
Steps to reproduce (least amount of steps as possible):
kubectl -n kube-system get deployments
kubectl -n kube-system get deployments
Environment information
The text was updated successfully, but these errors were encountered: