K
Q

Openshift Monitoring with REST_API

9/15/2020

I am trying to use Openshift REST-API's to get the status of my cron-jobs. I am the admin of my namespace but I don't have cluster access so I can't do anything on cluster level.

Now, to get the status, I am first creating the role : 

# oc create role podreader --verb=get --verb=list --verb=watch --resource=pods,cronjobs.batch,jobs.batch
role.rbac.authorization.k8s.io/podreader created

But when I try to add a role to a service account it fails. 

# oc create serviceaccount nagios 
# oc policy add-role-to-user podreader system:serviceaccount:uc-immoscout-dev:nagios
Warning: role 'podreader' not found
Error from server (NotFound): clusterroles.rbac.authorization.k8s.io "podreader" not found

My main intention is to to get the status of my cron-jobs, jobs and pods which I am scheduling.

-- dataplumber
azure-rbac
kubernetes
openshift
openshift-enterprise
rbac

Similar Questions

How to get namespace from current-context set in .kube/config
A question regarding resource allocation in Kubernetes
Sporadic 504 Bad Gateway Errors
Not able to expose deployment using kubernetes in google cloud
How to run Django Daphne service on Google Kubernetes Engine and Google Container Registry

1 Answer

9/15/2020

You'll have to add --role-namespace=namespace-of-role to the oc policy add-role-to-user command otherwise the role is treated as a cluster role.

From the docs:

--role-namespace='': namespace where the role is located: empty means a role defined in cluster policy

-- derkoe
Source: StackOverflow