Comments (5)
wibed
commented on July 26, 2024
these are all the resources affected, it is exclusively the metadata.namespace that is affected
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: linkerd-{{.Release.Namespace}}-tap-auth-reader
namespace: kube-system
labels:
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
namespace: {{ .Values.linkerdNamespace }}
name: viz-namespace-metadata-linkerd-config
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: web
namespace: {{.Values.linkerdNamespace}}
labels:
namespace: {{.Values.linkerdNamespace}}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: web
namespace: {{.Values.linkerdNamespace}}
labels:
namespace: {{.Values.linkerdNamespace}}
---from linkerd2.
deusxanima
commented on July 26, 2024
Hi @wibed , could you provide some additional info about what you're trying to do and how the install process is set up between kustomize and helm? Are you trying to install linkerd-viz in the kube-system namespace, or just create the role and rolebindings in this ns? Are any other helm values being modified via kustomize (and if so, do you see the same behavior for those values) or is this the only one you're modifying?
from linkerd2.
wibed
commented on July 26, 2024
@deusxanima the rolebinding and the role have to be in the same namespace. the serviceaccount has to be in the namespace the resource asks for.
therefor if there is a resource in the kube-system namespace which has to be accessible from the namespace, lets say linkerd-viz, the serviceaccount is located in linkerd-viz.
role and rolebinding on the other hand should be located in kube-system.
in this particular case it is the configmap within kubesystem that matters to the pod within linkerd-viz.
the namespace of the rolebinding though is overriden by some mysterious process i dont understand.
on the part of reproduction is clearly stated with a kustomization.yaml above.
just copy paste the file, install kustomization cli, adjust the home path kustomize will store the downloaded chart in
and run the command from above.
ill add the repo part right away, missed that one.
...done it will install the latest version by default.
from linkerd2.
mikutas
commented on July 26, 2024
Your kustomization literally overwrites your value.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: linkerd-viz # See https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/namespace/
helmGlobals:
chartHome: ../../../../base/linkerdviz
helmCharts:
- name: linkerd-viz
releaseName: cluster0
namespace: linkerd-viz
includeCRDs: true
valuesInline:
repo: https://helm.linkerd.io/stablefrom linkerd2.
wibed
commented on July 26, 2024
there might be a misunderstanding, your right i am wrong.
kubernetes-sigs/kustomize#4716
releaseNamespace is not supported and the monkepatch "namespace" just overrides anything.
this mixup is terribly frustrating. can be closed
from linkerd2.
Related Issues (20)
- linkerd-viz deletion leads to hanging state HOT 5
- add support for Pod Topology Spread Constraints to the linkerd Deployment objects & Helm charts
- Installing Linkerd on EKS (ec2 nodes) HOT 1
- linkerd-viz tap apiservice option for hostNetwork: true HOT 5
- proxy-injector -- the injected container "linkerd-init" must not include "NET_ADMIN", "NET_RAW" in securityContext.capabilities.add HOT 7
- linkerd-control-plane in stable-2.14.6 could not deploy with linkerdVersion value override HOT 2
- Failed to validate networking configuration. Please ensure iptables rules are rewriting traffic as expected. HOT 7
- HTTPRoute status updates should keep existing conditions
- Support custom field in the access logs
- linkerd-await 0.2.8 fails to run on alpine linux HOT 2
- Traffic got routed to an endpoint that does not belong to the target service HOT 9
- Allow configuring runAsGroup attribute of sidecar and init containers HOT 9
- Tap APIService causes shortname conflict warnings with kubectl 1.29
- proxy_build_info git_version label value is the same as git_sha HOT 6
- Support for extra manifest objects HOT 4
- `duplicate metrics` warnings in service-mirror
- Viz Dashboard / Web serve from subpath
- Missing Golang type for enableHTTPRoutes HOT 3
- Envoy Gateway cannot route to a Service mirrored by Linkerd HOT 5
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from linkerd2.