kubernetes-sigs
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
kubespray/roles/network_plugin/cilium
History
Frank Ritchie 5b0e88339a
Update cilium-operator clusterrole (#7416) 
When upgrading cilium from 1.8.8 to 1.9.5 I ran into the following
error:

level=error msg="Unable to update CRD" error="customresourcedefinitions.apiextensions.k8s.io
\"ciliumnodes.cilium.io\" is forbidden: User \"system:serviceaccount:kube-system:cilium-operator\"
cannot update resource \"customresourcedefinitions\" in API group \"apiextensions.k8s.io\" at the
cluster scope" name=CiliumNode/v2 subsys=k8s

The fix was to add the update verb to the clusterrole. I also added
create to match the clusterrole created by the cilium helm chart.
 		2021-03-29 00:04:51 -07:00
..
defaults Add support for cilium ipsec (#7342) 2021-03-23 13:46:06 -07:00
meta Use role to copy CNI bin (#5953) 2020-04-16 10:06:45 -07:00
tasks Replace kube-master with kube_control_plane (#7256) 2021-03-23 17:26:05 -07:00
templates Update cilium-operator clusterrole (#7416) 2021-03-29 00:04:51 -07:00