New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Telepresence crashes when insufficient permissions exist on the Kubernetes cluster #488
Comments
Could you pass along the full telepresence.log as a gist, please? Looking at the snippet of the log file included here, I'm curious. Are the pods listed from the correct namespace? |
This turned out to be a permissions issue - I worked through it with our k8ns admin for a couple hours, and we kept adding permissions, one at a time, until eventually I was able to get in. Note -in addition to the obviouis ones, there are a ton of counter-intuitive permissions, such as "delete pod" that only make sense in hindsight once you grok what's going on with telepresence (turning your laptop into a remote-node). This issue can be closed - possibly avoided in the future documentation makes explicit which rights are required for telepresence (might already be there - I'm just a user, not a k8s admin) Thanks! |
What permissions did you end up adding? Your list would help us construct that future documentation. Thanks. |
We had to add the following permissions. Note that we added these to an existing set of IAM credentials so more may have been required. Would you like the full list?
|
Yes, please! And thank you for the info. Also, @plombardi89, I could use your help with turning this information into useful documentation. |
@ark3 greetings, this is the full list of permissions our devs have. This includes some that are beyond those required to get telepresence working, as I mentioned before. Cheers!
|
Again, thank you for the info. |
Related to not crashing is #288, which would allow Tel to give feedback early. |
We should make this more apparent to the user in Telepresence 2, also noted on #288, since right now you can only tell you have insufficient permissions by telepresence failing and looking in the logs. |
What were you trying to do?
(please tell us)
What did you expect to happen?
(please tell us)
What happened instead?
(please tell us - the traceback is automatically included, see below)
Automatically included information
Command line:
['/usr/bin/telepresence', '--verbose', '--namespace', 'mase-nagase-devel', '--swap-deployment', 'ma-etl-worker', '--docker-run', '--rm', '-it', '--cap-add=SYS_ADMIN', '-v', '/opt/sightmachine/ma:/opt/sightmachine/ma', 'registry-uw2-aws.int.sightmachine.com/sightmachine/ma:v4.19rc-4-g849008144-dev', 'bash', '-c', '/opt/sightmachine/ma/scripts/telepresence_config_swap.sh; bash']
Version:
0.73
Python version:
3.5.3 (default, Nov 23 2017, 11:34:05) [GCC 6.3.0 20170406]
kubectl version:
Client Version: v1.9.3
oc version:
(error: [Errno 2] No such file or directory: 'oc')
OS:
Linux ghsxp15 4.13.0-041300-generic #201709031731 SMP Sun Sep 3 21:33:09 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
Traceback:
Logs:
The text was updated successfully, but these errors were encountered: