cant create a cluster role binding
Closed this issue · 8 comments
i m using the following resource definition file
kind: ClusterRoleBinding
metadata:
labels:
kubevirt.io: ''
name: kubevirt-infra
roleRef:
# apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: kubevirt-infra
subjects:
- kind: ServiceAccount
name: kubevirt-infra
namespace: kube-system
when deploying it with a ansible task, i get an an error
- name: Creating ClusterRoleBinding kubevirt-infra
k8s_v1beta1_cluster_role_binding:
name: kubevirt-infra
state: present
src: /tmp/ClusterRoleBinding_kubevirt-infra.yml
Error parsing resource definition. Encountered roleRef_kind, which does not map to a module parameter. If this looks like a problem with the module, please open an issue at github.com/openshift/openshift-restclient-python/issues
the error seems to happen for everything below roleRef
@karmab I was able to get this to work with 2 changes to the Ansible code I see in your provision.yaml and your template.
roleRef
-->role_ref
- Removing namespace from the cluster level resource.
I remember discussing this issue with you @karmab but I want to confirm with you before I close this issue. Is this resolved?
I'm seeing an error in ansible's k8s_raw along these lines w/openshift 0.5.0 on python3.6
Doesn't work, even if i change roleRef
to role_ref
and drop the namespace line.
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: tiller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: tiller
namespace: kube-system
Can you advise @djzager ?
You need to strip everything (and including) the /
in apiVersion
. For example, apiVersion: v1beta1
You need to strip everything (and including) the / in apiVersion. For example, apiVersion: v1beta1
@josdotso did that solve your problem?
@djzager Yes it did. Thanks! I meant to post back here to confirm, but I got sidetracked with Py2 vs. Py3 things.
Old issue + we have moved to the dynamic client and the Ansible 2.6 modules (http://docs.ansible.com/ansible/devel/modules/k8s_module.html). There are workarounds for this with k8s|openshift_raw
in Ansible 2.5 (ie. if you have apiVersion: apiextensions.k8s.io/v1beta1
change it to apiVersion: v1beta1
).
Closing this issue.