Support SDK without ClusterRole permissions
basvdlouw opened this issue · 3 comments
Currently the SDK only works within an RBAC environment when a ClusterRole is defined. Within our setup we cannot define ClusterRoles.
We would like to use regular Roles/RoleBindings. The "nodes" resource requires ClusterRole permissions, but the rest of the resources that are logged do not. We should still be able to log this information to app insights instead of getting an unauthorized exception on initialization.
@basvdlouw Thanks for the feedback. It is very specific and that is helpful. Let me do some investigation around it.
Hey @basvdlouw, it turned out to be a minor tweak and the change is released in: https://www.nuget.org/packages/Microsoft.ApplicationInsights.Kubernetes/2.0.6-beta1
Mind giving it a try to see if that works for you?
Here's an example we used to set up the RoleBinding: https://github.com/microsoft/ApplicationInsights-Kubernetes/blob/develop/docs/sa-role-none-cluster.yaml
Again, thanks for your contribution!
Hi @xiaomi7732, I've tested it and it works as expected.
Thanks for the quick fix