rbac-tool who-can create <custom_resource> fails with `memory budget exceeded` (1.3 GB usage)
gberche-orange opened this issue
What happened:
Running the following command within a k8s container fails:
```
$ rbac-tool who-can create mysqlinstances.database.orange.com
[...]
Failed to run program - memory budget exceeded (6:24)
| { .Verb in [Verb, "*"] and
| .......................^
```
Within htop, I see 6 processes with VIRT at 1.3 GB prior to the crash.
What you expected to happen:
- rbac-tool taking longer to produce output but not crashing
- a stack trace is displayed to help diagnosis
How to reproduce it (as minimally and precisely as possible):
- an OpenShift cluster with a large number of CRDs
Anything else we need to know?:
```
$ rbac-tool who-can create mysqlinstances.database.orange.com -v 9
[...]
I0301 11:09:54.444305 1881 subject_permissions.go:72] {Kind:ServiceAccount APIGroup: Name:deployer [...]
Failed to run program - memory budget exceeded (6:24)
| { .Verb in [Verb, "*"] and
| .......................^
```
Environment:
- Kubernetes version (use `kubectl version`):
- Cloud provider or configuration:
- Install tools:
- Others:
Workaround: use https://github.com/aquasecurity/kubectl-who-can
```
kubectl krew install who-can
kubectl who-can create mysqlinstances.database.orange.com
```