'User Defined Injections' feature is missing access rights to configmap
MichalGuzieniuk opened this issue · comments
What happened?
NRI is not able to read configmaps, and in result is not able to inject user defined resources into POD specification.
In logs I see such warning
W0407 09:50:20.910817 1 main.go:189] Failed to get configmap for user-defined injections: configmaps "nri-user-defined-injections" is forbidden: User "system:serviceaccount:kube-system:network-resources-injector-sa" cannot get resource "configmaps" in API group "" in the namespace "kube-system"
What did you expect to happen?
I expect that NRI is able to get configuration from configmaps
Note
I did small research on this topic and I think that the problem are permissions defined at
when I add there configmaps to the resources list, injection feature starts to work as expected.
@MichalGuzieniuk Good stuff finding this. Can you produce a PR to fix this?
Sure, I will provide a PR with fix.