-
-
Notifications
You must be signed in to change notification settings - Fork 150
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
dask-kubernetes-operator-role-cluster clusterrole does not have the needed ACL against pods/portforward resource #909
Comments
Thanks for raising this. I wouldn't necessarily expect the controller Pod to be opening port forwards to the scheduler Pods, so there may be a deeper issue going on. Generally the controller will attempt to connect directly to the scheduler Pod, and that may be failing for some reason and so it is falling back to a port forward. Could you check your logs for other failing connection messages? |
Thanks @jacobtomlinson . The following was also seen in the operator pod log:
|
Yeah I'm not surprised by that one. We have three levels of fallback when communicating with the scheduler:
Your initial message is failing on that last step. But I'm curious why the middle step is failing at all. |
Describe the issue:
The dask-kubernetes-operator pod shows an 403 Forbidden error when trying to access the k8s api. It does not seem to have the right cluster role permissions
Execcing into the pod and trying the same call against the API.
Editing the clusterrole,
And adding
pods/portforward
Around
dask-kubernetes/dask_kubernetes/operator/deployment/helm/dask-kubernetes-operator/templates/clusterrole.yaml
Line 34 in ab1be69
and restarting the application pod corrected the problem.
Environment:
The text was updated successfully, but these errors were encountered: