diff options
author | Anaël Closson <ac2550@intl.att.com> | 2017-10-09 14:52:24 +0200 |
---|---|---|
committer | Anaël Closson <ac2550@intl.att.com> | 2017-10-09 15:56:03 +0200 |
commit | 40cdf49a6888326a1af68530203847662fcfe398 (patch) | |
tree | c28ef702a02e6d2f1f82d81f1eb1de205427df89 | |
parent | 3d2e45507ea65ec3217d6a462cb8adaa249f9c25 (diff) |
Containers not starting fails on RBAC enabled k8s
When running the OOM scripts on a RBAC enabled kubernetes,
readiness probes failed to check dependencies status as they
don't have the needed access rights.
Note for the reviewer :
The fix has been tested on a rancher installation (k8s 1.8)
and on a kubeadm installation (k8s 1.8), but not a previous
versions of k8s. There might be issues with the command when
used on pre RBAC (<1.6) versions of k8s. This should be tested
with such version if early backward compatibility should be a
concern.
Change-Id: I7a915fc08927cd0fc0d5ea70a75f44c1380de926
Issue-ID: OOM-349
Signed-off-by: Anaël Closson <ac2550@intl.att.com>
-rwxr-xr-x | kubernetes/oneclick/createAll.bash | 8 | ||||
-rwxr-xr-x | kubernetes/oneclick/deleteAll.bash | 6 |
2 files changed, 14 insertions, 0 deletions
diff --git a/kubernetes/oneclick/createAll.bash b/kubernetes/oneclick/createAll.bash index 8d41ee45a6..c23f01456a 100755 --- a/kubernetes/oneclick/createAll.bash +++ b/kubernetes/oneclick/createAll.bash @@ -26,6 +26,11 @@ check_return_code(){ fi } +create_service_account() { + cmd=`echo kubectl create clusterrolebinding $1-$2-admin-binding --clusterrole=cluster-admin --serviceaccount=$1-$2:default` + eval ${cmd} + check_return_code $cmd +} create_namespace() { cmd=`echo kubectl create namespace $1-$2` @@ -164,6 +169,9 @@ for i in ${HELM_APPS[@]}; do printf "\nCreating namespace **********\n" create_namespace $NS $i + printf "\nCreating service account **********\n" + create_service_account $NS $i + printf "\nCreating registry secret **********\n" create_registry_key $NS $i ${NS}-docker-registry-key $ONAP_DOCKER_REGISTRY $DU $DP $ONAP_DOCKER_MAIL diff --git a/kubernetes/oneclick/deleteAll.bash b/kubernetes/oneclick/deleteAll.bash index c0e696c491..53f2d4d9fa 100755 --- a/kubernetes/oneclick/deleteAll.bash +++ b/kubernetes/oneclick/deleteAll.bash @@ -12,6 +12,11 @@ delete_namespace() { printf "Namespace $_NS deleted.\n\n" } +delete_service_account() { + kubectl delete clusterrolebinding $1-$2-admin-binding + printf "Service account $1-$2-admin-binding deleted.\n\n" +} + delete_registry_key() { kubectl --namespace $1-$2 delete secret ${1}-docker-registry-key } @@ -76,6 +81,7 @@ for i in ${HELM_APPS[@]}; do delete_app_helm $NS $i delete_namespace $NS $i + delete_service_account $NS $i done |