|
| 1 | + |
| 2 | +# FAQ |
| 3 | + |
| 4 | +## How does the value informed via the domain flag (i.e. `kubebuilder init --domain example.com`) when we init a project? |
| 5 | + |
| 6 | +After creating a project, usually you will want to extend the Kubernetes APIs and define new APIs which will be owned by your project. Therefore, the domain value is tracked in the [PROJECT][project-file-def] file which defines the config of your project and will be used as a domain to create the endpoints of your API(s). Please, ensure that you understand the [Groups and Versions and Kinds, oh my!][gvk]. |
| 7 | + |
| 8 | +The domain is for the group suffix, to explicitly show the resource group category. |
| 9 | +For example, if set `--domain=example.com`: |
| 10 | +``` |
| 11 | +kubebuilder init --domain example.com --repo xxx --plugins=go/v4-alpha |
| 12 | +kubebuilder create api --group mygroup --version v1beta1 --kind Mykind |
| 13 | +``` |
| 14 | +Then the result resource group will be `mygroup.example.com`. |
| 15 | + |
| 16 | +> If domain field not set, the default value is `my.domain`. |
| 17 | +
|
| 18 | +## I'd like to customize my project to use [klog][klog] instead of the [zap][zap] provided by controller-runtime. How to use `klog` or other loggers as the project logger? |
| 19 | + |
| 20 | +In the `main.go` you can replace: |
| 21 | +```go |
| 22 | + opts := zap.Options{ |
| 23 | + Development: true, |
| 24 | + } |
| 25 | + opts.BindFlags(flag.CommandLine) |
| 26 | + flag.Parse() |
| 27 | + |
| 28 | + ctrl.SetLogger(zap.New(zap.UseFlagOptions(&opts))) |
| 29 | +``` |
| 30 | +with: |
| 31 | +```go |
| 32 | + flag.Parse() |
| 33 | + ctrl.SetLogger(klog.NewKlogr()) |
| 34 | +``` |
| 35 | + |
| 36 | +## After `make run`, I see errors like "unable to find leader election namespace: not running in-cluster..." |
| 37 | + |
| 38 | +You can enable the leader election. However, if you are testing the project locally using the `make run` |
| 39 | +target which will run the manager outside of the cluster then, you might also need to set the |
| 40 | +namespace the leader election resource will be created, as follows: |
| 41 | +```go |
| 42 | +mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{ |
| 43 | + Scheme: scheme, |
| 44 | + MetricsBindAddress: metricsAddr, |
| 45 | + Port: 9443, |
| 46 | + HealthProbeBindAddress: probeAddr, |
| 47 | + LeaderElection: enableLeaderElection, |
| 48 | + LeaderElectionID: "14be1926.testproject.org", |
| 49 | + LeaderElectionNamespace: "<project-name>-system", |
| 50 | +``` |
| 51 | +
|
| 52 | +If you are running the project on the cluster with `make deploy` target |
| 53 | +then, you might not want to add this option. So, you might want to customize this behaviour using |
| 54 | +environment variables to only add this option for development purposes, such as: |
| 55 | +
|
| 56 | +```go |
| 57 | + leaderElectionNS := "" |
| 58 | + if os.Getenv("ENABLE_LEADER_ELECATION_NAMESPACE") != "false" { |
| 59 | + leaderElectionNS = "<project-name>-system" |
| 60 | + } |
| 61 | + |
| 62 | + mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{ |
| 63 | + Scheme: scheme, |
| 64 | + MetricsBindAddress: metricsAddr, |
| 65 | + Port: 9443, |
| 66 | + HealthProbeBindAddress: probeAddr, |
| 67 | + LeaderElection: enableLeaderElection, |
| 68 | + LeaderElectionNamespace: leaderElectionNS, |
| 69 | + LeaderElectionID: "14be1926.testproject.org", |
| 70 | + ... |
| 71 | +``` |
| 72 | +
|
| 73 | +## I am facing the error "open /var/run/secrets/kubernetes.io/serviceaccount/token: permission denied" when I deploy my project against Kubernetes old versions. How to sort it out? |
| 74 | +
|
| 75 | +If you are facing the error: |
| 76 | +``` |
| 77 | +1.6656687258729894e+09 ERROR controller-runtime.client.config unable to get kubeconfig {"error": "open /var/run/secrets/kubernetes.io/serviceaccount/token: permission denied"} |
| 78 | +sigs.k8s.io/controller-runtime/pkg/client/config.GetConfigOrDie |
| 79 | + /go/pkg/mod/sigs.k8s.io/controller-runtime@v0.13.0/pkg/client/config/config.go:153 |
| 80 | +main.main |
| 81 | + /workspace/main.go:68 |
| 82 | +runtime.main |
| 83 | + /usr/local/go/src/runtime/proc.go:250 |
| 84 | +``` |
| 85 | +when you are running the project against a Kubernetes old version (maybe <= 1.21) , it might be caused by the [issue][permission-issue] , the reason is the mounted token file set to `0600`, see [solution][permission-PR] here. Then, the workaround is: |
| 86 | +
|
| 87 | +Add `fsGroup` in the manager.yaml |
| 88 | +```yaml |
| 89 | +securityContext: |
| 90 | + runAsNonRoot: true |
| 91 | + fsGroup: 65532 # add this fsGroup to make the token file readable |
| 92 | +``` |
| 93 | +However, note that this problem is fixed and will not occur if you deploy the project in high versions (maybe >= 1.22). |
| 94 | +
|
| 95 | +[gvk]: ./cronjob-tutorial/gvks.md |
| 96 | +[project-file-def]: ./reference/project-config.md |
| 97 | +[klog]: https://github.com/kubernetes/klog |
| 98 | +[zap]: https://github.com/uber-go/zap |
| 99 | +[permission-issue]: https://github.com/kubernetes/kubernetes/issues/82573 |
| 100 | +[permission-PR]: https://github.com/kubernetes/kubernetes/pull/89193 |
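Review bot: In the second leader-election snippet (added lines 57-60), the check `os.Getenv("ENABLE_LEADER_ELECATION_NAMESPACE") != "false"` sets `leaderElectionNS` whenever the variable is unset, so a manager deployed with `make deploy` gets the namespace option by default. That is the opposite of the "only add this option for development purposes" behaviour described in the paragraph just above it (lines 52-54). Suggest making it opt-in, for example comparing `== "true"`, and fixing the spelling of the variable name (`ELECATION` should be `ELECTION`) before users copy it. Smaller points in the same file: the first `ctrl.NewManager` snippet (lines 42-49) ends without a closing `})` or a `...` marker, unlike the second one. The replacement logger snippet (lines 32-33) keeps `flag.Parse()` but drops `opts.BindFlags`, so it is worth saying whether any logger flags still need to be registered. The heading on line 4 is missing its verb ("How is the value ... used"). The version bounds on lines 85 and 93 are hedged with "maybe", so the FAQ should either state the exact versions or point the reader to the linked issue and PR for them.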