go through README's tutorial, john account can't view space in example way

Question

go through README's tutorial, john account can't view space in example way

xiaods opened this issue 5 years ago · 8 comments

Environment:
mac
docker desktop
kubernetes 1.16.5

I follow README's tutorial, when I step to create space steps, I came across bug here:

~ took 15s 
❯ kubectl apply -f https://raw.githubusercontent.com/kiosk-sh/kiosk/master/examples/space.yaml --as=john
space.tenancy.kiosk.sh/johns-space created

~ took 35s 
❯ kubectl get spaces --as=john
No resources found.

~ took 12s 
❯ kubectl get spaces --as=john
No resources found.

~ took 3s 
❯ kubectl get space johns-space -o yaml --as=john
Error from server (NotFound): space.tenancy.kiosk.sh "johns-space" not found

how to debug this situation?

Answer 1 · 2020-04-08T01:22:20.000Z

@xiaods Thanks for reporting this.

Did you execute this command beforehand?

kubectl apply -f https://raw.githubusercontent.com/kiosk-sh/kiosk/master/examples/rbac-viewer.yaml

It is shown in step 2.2 within the readme.

Answer 2 · 2020-04-08T02:29:04.000Z

@LukasGentele I confirm I already execute this command. the issue also here.

❯ kubectl get accounts --as=john
NAME            AGE
johns-account   5m28s

~/Desktop took 31s 
❯ kubectl get account johns-account -o yaml --as=john
apiVersion: tenancy.kiosk.sh/v1alpha1
kind: Account
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"tenancy.kiosk.sh/v1alpha1","kind":"Account","metadata":{"annotations":{},"name":"johns-account"},"spec":{"subjects":[{"apiGroup":"rbac.authorization.k8s.io","kind":"User","name":"john"}]}}
  creationTimestamp: "2020-04-08T02:21:37Z"
  generation: 1
  name: johns-account
  resourceVersion: "16494"
  selfLink: /apis/tenancy.kiosk.sh/v1alpha1/accounts/johns-account
  uid: b3f4cffe-8305-4f7a-9a58-1895816801fc
spec:
  space:
    spaceTemplate:
      metadata:
        creationTimestamp: null
  subjects:
  - apiGroup: rbac.authorization.k8s.io
    kind: User
    name: john
status:
  namespaces:
  - name: johns-space

~/Desktop took 29s 
❯ kubectl get spaces --as=john
No resources found.

as admin

~/Desktop took 3m37s 
❯ kubectl get spaces
NAME              AGE
cert-manager      14m
default           163m
docker            161m
johns-space       5m27s
kiosk             11m
kube-node-lease   163m
kube-public       163m
kube-system       163m

Answer 3 · 2020-04-09T01:14:34.000Z

it seems a bug on it.

Answer 4 · 2020-04-09T09:33:40.000Z

potential issue:

Events:
  Type     Reason       Age                    From                     Message
  ----     ------       ----                   ----                     -------
  Normal   Scheduled    8m41s                  default-scheduler        Successfully assigned kiosk/kiosk-7bdbb6d9cd-z4js5 to docker-desktop
  Warning  FailedMount  8m41s                  kubelet, docker-desktop  MountVolume.SetUp failed for volume "cert" : secret "webhook-server-cert" not found
  Warning  FailedMount  8m41s (x2 over 8m41s)  kubelet, docker-desktop  MountVolume.SetUp failed for volume "cert-apiservice" : secret "webhook-server-cert-apiservice" not found
  Normal   Pulled       8m39s                  kubelet, docker-desktop  Container image "kiosksh/kiosk:0.1.3" already present on machine

Answer 5 · 2020-04-09T09:58:47.000Z

@LukasGentele I confirm this is reproduced bug on docker - mac desktop

Answer 6 · 2020-04-09T10:24:20.000Z

Thanks for reporting this bug and for all the detailed information @xiaods - We just made some changes regarding listing accounts and spaces, so this seems to be a bug. I told @FabianKramm about this and he will fix this as soon as possible.

Answer 7 · 2020-04-09T10:32:05.000Z

@LukasGentele Thanks for your helps.

Answer 8 · 2020-04-09T12:27:58.000Z

@xiaods thanks for reporting! This is fixed with v0.1.4