From 853c43737d7dc558648ba63171fcc9c582242278 Mon Sep 17 00:00:00 2001 From: Sean Malloy Date: Fri, 7 Feb 2020 22:03:14 -0600 Subject: [PATCH] Update ClusterRole To Allow Creating Events The descheduler creates a k8s event for each pod that it evicts. When the code to create events was added the RBAC ClusterRole was not updated to allow creating events. Users would see the below error in the descheduler log when it tried to create an event. "system:serviceaccount:kube-system:descheduler-sa" cannot create resource "events" in API group "" in the namespace "xxxx-production"' (will not retry!)' This change fixes this error by updating the ClusterRole to allow creation of k8s events. --- kubernetes/rbac.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/kubernetes/rbac.yaml b/kubernetes/rbac.yaml index 89548b252..7411c4fda 100644 --- a/kubernetes/rbac.yaml +++ b/kubernetes/rbac.yaml @@ -5,6 +5,9 @@ metadata: name: descheduler-cluster-role namespace: kube-system rules: +- apiGroups: [""] + resources: ["events"] + verbs: ["create"] - apiGroups: [""] resources: ["nodes"] verbs: ["get", "watch", "list"]