Skip to content

Fix misc RBAC issues on 1.6.6 #477

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jul 18, 2017
Merged

Fix misc RBAC issues on 1.6.6 #477

merged 1 commit into from
Jul 18, 2017

Conversation

andraxylia
Copy link
Contributor

@andraxylia andraxylia commented Jul 18, 2017
edited
Loading

I upgraded to a k8s 1.6.6 cluster and pilot can no longer read TPRs.

I0718 23:23:06.618825 1 client.go:194] TPR "IstioConfig" is not ready (User "system:serviceaccount:istio-test-nb5kb:istio-pilot-service-account" cannot list istioconfigs.istio.io at the cluster scope.: "Unknown user "system:serviceaccount:istio-test-nb5kb:istio-pilot-service-account"" (get IstioConfigs.istio.io)). Waiting...

Fixed also Ingress status, who was no longer updated after adding the k8s Syncer, because we were missing list permissions on the nodes.

This version is now in sync with the e2e tests in pilot, that can be run independently on an RBAC enabled cluster.

@andraxylia andraxylia requested a review from costinm July 18, 2017 22:00
@ldemailly
Copy link
Member

ldemailly commented Jul 18, 2017
edited
Loading

Any way to get a test for this (failing without the fix and passing with it) ?

Also can you describe a bit the fix/symptoms etc by editing the PR description (if we want to put this in the stable release-0.1 branch we need to be extra descriptive with the changes)

@istio-testing
Copy link
Collaborator

Jenkins job istio/presubmit passed

costinm
costinm approved these changes Jul 18, 2017
View reviewed changes
Copy link
Contributor

@costinm costinm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It seems in 1.6.6 ClusterRoleBinding works - and RoleBinding no longer works. The error message (user not found) doesn't make sense either.

So +1 to fix the tests - we don't officially document running in a namespace.

@andraxylia andraxylia merged commit 98fafa6 into master Jul 18, 2017
@andraxylia
Copy link
Contributor Author

Create a cluster in GKE with 1.6.6 version and deploy istio, then do kubectl logs pilot-... , kubectl logs ingress-....

@andraxylia andraxylia deleted the rbac branch July 18, 2017 23:50
lachie83 added a commit to lachie83/istio that referenced this pull request Jul 19, 2017
@lachie83
Merge branch 'bugfix-resync-alpha-beta-rbac-manifests' of github.com:…
86a7c9f 
…lachie83/istio into bugfix-resync-alpha-beta-rbac-manifests

* 'bugfix-resync-alpha-beta-rbac-manifests' of github.com:lachie83/istio:
  Fix misc RBAC issues on 1.6.6 (istio#477)
@andraxylia andraxylia mentioned this pull request Jul 20, 2017
Closed
rshriram pushed a commit that referenced this pull request Oct 30, 2017
@andraxylia
Fix misc RBAC issues on 1.6.6 (#477)
e71ca5b 
Former-commit-id: 98fafa6
mandarjog pushed a commit that referenced this pull request Nov 2, 2017
@andraxylia
Fix misc RBAC issues on 1.6.6 (#477)
3eadc3e 
Former-commit-id: 98fafa6
guptasu pushed a commit to guptasu/istio that referenced this pull request Jun 11, 2018
@geeknoid
Regenerate docs given latest doc extraction tool. (istio#477)
d540310 
Also, fix python generation logic to stop passing directory names as proto files.
This eliminates a bunch of warnings when building the repo, and eliminates a bunch
of broken dud checked in files.
kyessenov pushed a commit to kyessenov/istio that referenced this pull request Aug 13, 2018
@rshriram
update envoy sha (istio#477)
c9f369b 
* update envoy sha

adding regex match support in routes

* no more filter types

* more nixing

* interactive compilation with Jenkins

* hopefully the last compilation fix

* one more

* one more

* another one
howardjohn pushed a commit to howardjohn/istio that referenced this pull request Jan 12, 2020
@jwendell @istio-testing
Sync CNI charts from istio/cni (istio#477)
3168e43 
And remove values_gke.yaml

Closes istio#18576
howardjohn pushed a commit to howardjohn/istio that referenced this pull request Jan 12, 2020
@istio-testing
Refine e2e implementation (istio#477)
33fd23e 
* WIP: Refine e2e implementation

This is a refinement based upon the prior PRs in this area.

Depends-On: istio/tools#483

* Use proper image with jq
luksa added a commit to luksa/istio that referenced this pull request Sep 20, 2022
@luksa
OSSM-1150 Fix flaky TestStatusManager unit test (istio#477)
4392685
antonioberben pushed a commit to antonioberben/istio that referenced this pull request Jan 29, 2024
@mehta-ankit
Merge pull request istio#477 from foxylion/main
12fa2b5 
[jaeger] Add option to configure ingester only via environment variables
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@costinm costinm costinm approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@andraxylia @ldemailly @istio-testing @costinm @googlebot