Hide Forgot
https://docs.openshift.com/container-platform/3.3/admin_guide/manage_authorization_policy.html#admin-guide-granting-users-daemonset-permissions Step 1: Section describes an example daemonset definition that when attempting to create it, comes with an error: # oc create -f foo.yaml unable to decode "foo.yaml": json: cannot unmarshal array into Go value of type unversioned.TypeMeta Step 2: The command creates role name daemonset-admin, not system:daemonset-admin. https://github.com/openshift/openshift-docs/issues/3243
Hi DeShuai, I updated the documentation for Step 2 in PR#3740[1]. I'm still working on Step 1. In the meantime, would you mind taking a look at the open PR? Thanks! [1] https://github.com/openshift/openshift-docs/pull/3740
The clusterrole definition there is straight out of the aggregated logging definitions, at https://github.com/openshift/origin-aggregated-logging/blob/c083193b838c1e2cb0a2787a2e855950b460c614/deployer/deployer.yaml#L53 Those are working fine as far as we know, so I don't see what could be wrong with this. Nevertheless, it does fail as reported. I'm not sure how to track down why.
Thanks, Luke!
Add comment to the pr
(In reply to Luke Meyer from comment #5) > The clusterrole definition there is straight out of the aggregated logging > definitions, at > https://github.com/openshift/origin-aggregated-logging/blob/ > c083193b838c1e2cb0a2787a2e855950b460c614/deployer/deployer.yaml#L53 > > Those are working fine as far as we know, so I don't see what could be wrong > with this. Nevertheless, it does fail as reported. I'm not sure how to track > down why. Since current docs is just copied&pasted the role from deployer.yaml directly, the format is invalid. Please aware that deployer.yaml defines ClusterRole as one of the "list". So, I would appreciate it if you could update the doc as below(just simply remove '-' and two whitespaces): ~~~ apiVersion: v1 kind: ClusterRole metadata: name: daemonset-admin rules: - resources: - daemonsets apiGroups: - extensions verbs: - create - get - list - watch - delete - update ~~~ Then, as for system:daemonset-admin to daemonset-admin, that looks good with current PR. > Deshuai Thank you.
Boy do I feel dumb now :)
Thank you, Deshuai and Kenjiro! I updated the PR and removed the hyphen and extraneous spaces.
Commits pushed to master at https://github.com/openshift/openshift-docs https://github.com/openshift/openshift-docs/commit/0bc77e65512966e8ad06a3b9305358f8e9253494 Bug 1396340 Update to example daemonset definition https://github.com/openshift/openshift-docs/commit/da4eef95bc3a3cc6de058691fc0749e14b89e088 Merge pull request #3740 from bmcelvee/BZ1396340 Bug 1396340 Update to example daemonset definition
This is now live here: https://docs.openshift.com/container-platform/3.3/admin_guide/manage_authorization_policy.html#admin-guide-granting-users-daemonset-permissions Moving this to CLOSED --> CURRENTRELEASE.