Namespaced deployment
Closed this issue · 2 comments
angelbarrera92 commented
Hi.
i just trying to use this tool inside a k8spin.cloud namespace to collect all logs in my namespace.
I mean, i have a scenario where i have (almost full) permissions in my namespace but i have not cluster permissions.
As i understand if i pass --current-ns
flag and/or -n
flag to kail it will query for logs in my namespace.
But i see the following logs:
time="2019-10-07T13:55:25Z" level=error msg="client list: pods is forbidden: User \"system:serviceaccount:angelbarrerasanchez-gmail-com-registry:angelbarrerasanchez-gmail-com-registry\" cannot list resource \"pods\" in API group \"\" at the cluster scope" cmp=lister
time="2019-10-07T13:55:25Z" level=error msg="lister error: client list: pods is forbidden: User \"system:serviceaccount:angelbarrerasanchez-gmail-com-registry:angelbarrerasanchez-gmail-com-registry\" cannot list resource \"pods\" in API group \"\" at the cluster scope" cmp=controller
This makes me think that kail does not support namespaced deployment. Am i right?
This is the pod.yaml i am using:
apiVersion: v1
kind: Pod
metadata:
labels:
kail.ignore: "true"
name: kail
namespace: angelbarrerasanchez-gmail-com-registry
spec:
serviceAccountName: angelbarrerasanchez-gmail-com-registry
containers:
- args:
- --current-ns
- -n
- angelbarrerasanchez-gmail-com-registry
- --log-level
- debug
image: abozanich/kail
imagePullPolicy: Always
name: kail
resources:
limits:
cpu: 20m
memory: 64Mi
requests:
cpu: 20m
memory: 64Mi
Let me know if i can try anything different
angelbarrera92 commented
Seems to be related to: #12
angelbarrera92 commented
Fixed with #42