-
Notifications
You must be signed in to change notification settings - Fork 348
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Jaeger Operator Chart missing list permisson #241
Comments
Same here. |
I'm running into the same issue. Would be great to fix this. As a workaround i have created custom template with another ClusterRole, ClusterRoleBinding attached to the same serviceaccount created with the chart. |
I'm running into this issue as well, with clusterRole false
even with clusterRole false, its trying to list namespaces:
but we wanted our jaeger to be more limited, is this not allowed? if so why are we allowed to set this to false? |
it looks like it made a role and put namespaces anyways:
but i guess my question is why is it trying to list namespaces if we dont want it to have a clusterrole, is confining jaeger to an ns not supported anymore? |
Hey @perezjasonr, I know it's almost been a year since you last commented here but were you able to figure out the reason for this? I'm running into the same problem with the latest Jaeger operator ( |
Hi,
First, thanks for this. It's super helpful.
But we just had an issue while deploying the operator with this chart, the log message we got was
"pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:125: Failed to list *v1.Namespace: namespaces is forbidden: User "system:serviceaccount:observability:jaeger-operator" cannot list resource "namespaces" in API group "" at the cluster scope"
After some investigation it looks like this chart is missing the
list
permission on some resources, and when comparing the Helm Role.YAML file to Jaeger-Operator there are some differences and specifically you see alllist
permissions are missing.After applying the Jaeger-Operator file to our cluster, the Jaeger Operator was back to normal and deployed Jaeger and all it's dependencies.
The text was updated successfully, but these errors were encountered: