-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
client.Get() requires watch permission #1156
Comments
How does your code look like? |
I understand that because of the cache the WACTH permission/verb is required. |
This is indeed normal and expected. If you want to make an uncached request, you can make a new client object instead. |
@coderanger can we do that from the existing client? |
I think you get this error already during startup and not really on the client.Get() call. If you create a controller for certain resources, it is normal that the controller manager starts to watch and list all resources that it can start the reconciliation if a resource changes (create/update/delete). |
Ok, I am probably wrong. If I understood #1222 correctly it seems that if you use Get or List on a resource for the first time it automatically gets added to the the informers which means it starts to watch that resource. |
How can we prevent this? We want to be able to get an object by name without having watch permissions but currently cannot do that |
Use a non-caching client. Right now you, somewhere, have some code like |
Ok, thank you |
/close |
@coderanger: Closing this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
This fix adds the watch permission for ConfigMaps to the Module reconciler, in order to be able to successfully client.Get() the build Dockerfile ConfigMap. This client.Get() fails because the contoller-runtime client reads from its cache, instead of directly from the API server. The client needs the watch permission, in order to be able to build its cache. - kubernetes-sigs/controller-runtime#1156 Signed-off-by: Michail Resvanis <[email protected]>
) This fix adds the watch permission for ConfigMaps to the Module reconciler, in order to be able to successfully client.Get() the build Dockerfile ConfigMap. This client.Get() fails because the contoller-runtime client reads from its cache, instead of directly from the API server. The client needs the watch permission, in order to be able to build its cache. - kubernetes-sigs/controller-runtime#1156 Signed-off-by: Michail Resvanis <[email protected]> Signed-off-by: Michail Resvanis <[email protected]>
…h-ecosystem-edge#179) This fix adds the watch permission for ConfigMaps to the Module reconciler, in order to be able to successfully client.Get() the build Dockerfile ConfigMap. This client.Get() fails because the contoller-runtime client reads from its cache, instead of directly from the API server. The client needs the watch permission, in order to be able to build its cache. - kubernetes-sigs/controller-runtime#1156 Signed-off-by: Michail Resvanis <[email protected]> Upstream-Commit: dedee81
) (#225) This fix adds the watch permission for ConfigMaps to the Module reconciler, in order to be able to successfully client.Get() the build Dockerfile ConfigMap. This client.Get() fails because the contoller-runtime client reads from its cache, instead of directly from the API server. The client needs the watch permission, in order to be able to build its cache. - kubernetes-sigs/controller-runtime#1156 Signed-off-by: Michail Resvanis <[email protected]> Upstream-Commit: dedee81 Co-authored-by: Michail Resvanis <[email protected]>
…h-ecosystem-edge#179) This fix adds the watch permission for ConfigMaps to the Module reconciler, in order to be able to successfully client.Get() the build Dockerfile ConfigMap. This client.Get() fails because the contoller-runtime client reads from its cache, instead of directly from the API server. The client needs the watch permission, in order to be able to build its cache. - kubernetes-sigs/controller-runtime#1156 Signed-off-by: Michail Resvanis <[email protected]> Signed-off-by: Michail Resvanis <[email protected]> Upstream-Commit: dedee81
When trying to call client.Get(), if you don't have watch permissions for the resource, you get the following error, example get StorageClass:
Why does get require watch permission? It shouldn't be watching any resources
The text was updated successfully, but these errors were encountered: