-
Notifications
You must be signed in to change notification settings - Fork 112
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
NATS Operator and K8S v1.20 compatibility #321
Comments
I can reproduce this when using the ServiceAccounts feature. Install k8s version 1.20.0 minikube start --kubernetes-version=v1.20.0 \
--extra-config=apiserver.service-account-signing-key-file=/var/lib/minikube/certs/sa.key \
--extra-config=apiserver.service-account-key-file=/var/lib/minikube/certs/sa.pub \
--extra-config=apiserver.service-account-issuer=api \
--extra-config=apiserver.service-account-api-audiences=api,spire-server \
--extra-config=apiserver.authorization-mode=Node,RBAC \
--extra-config=kubelet.authentication-token-webhook=true Install operator and example deployment curl -sSL https://raw.githubusercontent.com/nats-io/nats-operator/master/example/nats-operator-cluster-scoped.yaml | kubectl apply -f -
curl -sSL https://raw.githubusercontent.com/nats-io/nats-operator/master/example/nats-operator-cluster-scoped-rbac.yaml | kubectl apply -f -
echo "sleeping for 15s..."; sleep 15
curl -sSL https://raw.githubusercontent.com/nats-io/nats-operator/master/example/example-svc-accounts-diff-namespaces.yaml | kubectl apply -f - No ➜ k get secret -A | grep -E "nats|app-ns"
my-admin-app-ns default-token-qlh8q kubernetes.io/service-account-token 3 2m2s
my-admin-app-ns nats-admin-user-token-6splc kubernetes.io/service-account-token 3 2m2s
my-app-ns default-token-ms9bg kubernetes.io/service-account-token 3 2m2s
my-app-ns nats-user-token-8qngh kubernetes.io/service-account-token 3 2m2s
nats-io default-token-5fhj5 kubernetes.io/service-account-token 3 2m53s
nats-io nats-operator-token-8n64n kubernetes.io/service-account-token 3 2m52s
nats-io nats-server-token-tmb7m kubernetes.io/service-account-token 3 2m52s
nats-system default-token-8wdtz kubernetes.io/service-account-token 3 2m2s Using minikube k8s version 1.19.10 this same procedure works, the ➜ k get secret -A | grep -E "nats|app-ns"
my-admin-app-ns default-token-tg7cd kubernetes.io/service-account-token 3 16s
my-admin-app-ns nats-admin-user-nats-cluster-bound-token Opaque 1 11s
my-admin-app-ns nats-admin-user-token-4rs9d kubernetes.io/service-account-token 3 16s
my-app-ns default-token-dwhjd kubernetes.io/service-account-token 3 16s
my-app-ns nats-user-nats-cluster-bound-token Opaque 1 16s
my-app-ns nats-user-token-jnqnt kubernetes.io/service-account-token 3 16s
nats-io default-token-s5lwr kubernetes.io/service-account-token 3 111s
nats-io nats-operator-token-pzcbx kubernetes.io/service-account-token 3 111s
nats-io nats-server-token-z59vw kubernetes.io/service-account-token 3 111s
nats-system default-token-vm8wm kubernetes.io/service-account-token 3 16s
nats-system nats-cluster Opaque 1 16s It would be nice if there was a guide to enable debug on the operator because there are hardly any logs to view. Thanks! |
We are looking for a fix to this. Any idea if anyone looking into fixing it? Thanks. |
Users have reported that some of the features from the operator like service roles have stopped working on K8S 1.20
The text was updated successfully, but these errors were encountered: