cant create a cluster role binding

Question

cant create a cluster role binding

Closed this issue 6 years ago · 8 comments

i m using the following resource definition file

kind: ClusterRoleBinding
metadata:
  labels:
    kubevirt.io: ''
  name: kubevirt-infra
roleRef:
#  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: kubevirt-infra
subjects:
- kind: ServiceAccount
  name: kubevirt-infra
  namespace: kube-system

when deploying it with a ansible task, i get an an error

name: Creating ClusterRoleBinding kubevirt-infra
k8s_v1beta1_cluster_role_binding:
name: kubevirt-infra
state: present
src: /tmp/ClusterRoleBinding_kubevirt-infra.yml

Error parsing resource definition. Encountered roleRef_kind, which does not map to a module parameter. If this looks like a problem with the module, please open an issue at github.com/openshift/openshift-restclient-python/issues

the error seems to happen for everything below roleRef

Answer 1 · 2018-02-02T01:33:26.000Z

@fabianvf @djzager please bump the priority of this.

This is related to KubeVirt effort

Answer 2 · 2018-02-02T16:06:38.000Z

@karmab I was able to get this to work with 2 changes to the Ansible code I see in your provision.yaml and your template.

roleRef --> role_ref
Removing namespace from the cluster level resource.

Answer 3 · 2018-02-14T20:53:15.000Z

I remember discussing this issue with you @karmab but I want to confirm with you before I close this issue. Is this resolved?

Answer 4 · 2018-05-12T04:55:32.000Z

I'm seeing an error in ansible's k8s_raw along these lines w/openshift 0.5.0 on python3.6

Doesn't work, even if i change roleRef to role_ref and drop the namespace line.

          apiVersion: rbac.authorization.k8s.io/v1beta1
          kind: ClusterRoleBinding
          metadata:
            name: tiller
          roleRef:
            apiGroup: rbac.authorization.k8s.io
            kind: ClusterRole
            name: cluster-admin
          subjects:
            - kind: ServiceAccount
              name: tiller
              namespace: kube-system

Can you advise @djzager ?

Answer 5 · 2018-05-12T11:26:10.000Z

You need to strip everything (and including) the / in apiVersion. For example, apiVersion: v1beta1

Answer 6 · 2018-05-14T19:50:11.000Z

You need to strip everything (and including) the / in apiVersion. For example, apiVersion: v1beta1

@josdotso did that solve your problem?

Answer 7 · 2018-05-14T20:40:13.000Z

@djzager Yes it did. Thanks! I meant to post back here to confirm, but I got sidetracked with Py2 vs. Py3 things.

Answer 8 · 2018-06-11T15:21:32.000Z

Old issue + we have moved to the dynamic client and the Ansible 2.6 modules (http://docs.ansible.com/ansible/devel/modules/k8s_module.html). There are workarounds for this with k8s|openshift_raw in Ansible 2.5 (ie. if you have apiVersion: apiextensions.k8s.io/v1beta1 change it to apiVersion: v1beta1).

Closing this issue.