Created April 9, 2020 14:25
----------------------------------------------------
Trying to clean up from last run (this may fail, and that's fine)
Error from server (NotFound): namespaces "parent-605" not found
Error from server (NotFound): namespaces "child-605" not found
Error from server (NotFound): namespaces "grandchild-605" not found
Error from server (NotFound): namespaces "greatgrandchild-605" not found
----------------------------------------------------
Setting up hierarchy with rolebinding that HNC doesn't have permission to copy
namespace/parent-605 created
namespace/child-605 created
namespace/grandchild-605 created
namespace/greatgrandchild-605 created
Setting the parent of child-605 to parent-605
Succesfully updated 1 property of the hierarchical configuration of child-605
Setting the parent of grandchild-605 to child-605
Succesfully updated 1 property of the hierarchical configuration of grandchild-605
Setting the parent of greatgrandchild-605 to grandchild-605
Succesfully updated 1 property of the hierarchical configuration of greatgrandchild-605
rolebinding.rbac.authorization.k8s.io/cluster-admin-rb created
Waiting 30s...
----------------------------------------------------
Tree should show CannotPropagateObject in 'parent-605' and CannotUpdateObject in 'child-605' and 'grandchild-605'
parent-605 (1)
└── child-605 (2)
    └── grandchild-605 (2)
        └── greatgrandchild-605 (2)
Conditions:
1) CannotPropagateObject: Could not write: rolebindings.rbac.authorization.k8s.io "cluster-admin-rb" is forbidden: user "system:serviceaccount:hnc-system:default" (groups=["system:serviceaccounts" "system:serviceaccounts:hnc-system" "system:authenticated"]) is attempting to grant RBAC permissions not currently held:
{APIGroups:["*"], Resources:["*"], Verbs:["*"]}
{NonResourceURLs:["*"], Verbs:["*"]}
2) CannotUpdateObject: Could not write: rolebindings.rbac.authorization.k8s.io "cluster-admin-rb" is forbidden: user "system:serviceaccount:hnc-system:default" (groups=["system:serviceaccounts" "system:serviceaccounts:hnc-system" "system:authenticated"]) is attempting to grant RBAC permissions not currently held:
{APIGroups:["*"], Resources:["*"], Verbs:["*"]}
{NonResourceURLs:["*"], Verbs:["*"]}
----------------------------------------------------
Removing the grandchild and verifying that the condition is gone in grandchild and greatgrandchild. Parent and child should still have the conditions.
Unsetting the parent of grandchild-605 (was previously child-605)
Succesfully updated 1 property of the hierarchical configuration of grandchild-605
----------------------------------------------------
There should no longer be any conditions in 'grandchild-605' and 'greatgrandchild-605' in all 10 attemps below:
----------------------------------------------------
Attempt 1/10 - There should no longer be any conditions in 'grandchild-605' and 'greatgrandchild-605'
grandchild-605
└── greatgrandchild-605
Waiting 1s..
----------------------------------------------------
Attempt 2/10 - There should no longer be any conditions in 'grandchild-605' and 'greatgrandchild-605'
grandchild-605
└── greatgrandchild-605
Waiting 1s..
----------------------------------------------------
Attempt 3/10 - There should no longer be any conditions in 'grandchild-605' and 'greatgrandchild-605'
grandchild-605
└── greatgrandchild-605
Waiting 1s..
----------------------------------------------------
Attempt 4/10 - There should no longer be any conditions in 'grandchild-605' and 'greatgrandchild-605'
grandchild-605
└── greatgrandchild-605
Waiting 1s..
----------------------------------------------------
Attempt 5/10 - There should no longer be any conditions in 'grandchild-605' and 'greatgrandchild-605'
grandchild-605
└── greatgrandchild-605
Waiting 1s..
----------------------------------------------------
Attempt 6/10 - There should no longer be any conditions in 'grandchild-605' and 'greatgrandchild-605'
grandchild-605
└── greatgrandchild-605
Waiting 1s..
----------------------------------------------------
Attempt 7/10 - There should no longer be any conditions in 'grandchild-605' and 'greatgrandchild-605'
grandchild-605
└── greatgrandchild-605
Waiting 1s..
----------------------------------------------------
Attempt 8/10 - There should no longer be any conditions in 'grandchild-605' and 'greatgrandchild-605'
grandchild-605
└── greatgrandchild-605
Waiting 1s..
----------------------------------------------------
Attempt 9/10 - There should no longer be any conditions in 'grandchild-605' and 'greatgrandchild-605'
grandchild-605
└── greatgrandchild-605
Waiting 1s..
----------------------------------------------------
Attempt 10/10 - There should no longer be any conditions in 'grandchild-605' and 'greatgrandchild-605'
grandchild-605
└── greatgrandchild-605
Waiting 1s..
----------------------------------------------------
There should still be CannotPropagate condition in 'parent-605' and CannotUpdate condition in 'child-605'
parent-605 (1)
└── child-605 (2)
Conditions:
1) CannotPropagateObject: Could not write: rolebindings.rbac.authorization.k8s.io "cluster-admin-rb" is forbidden: user "system:serviceaccount:hnc-system:default" (groups=["system:serviceaccounts" "system:serviceaccounts:hnc-system" "system:authenticated"]) is attempting to grant RBAC permissions not currently held:
{APIGroups:["*"], Resources:["*"], Verbs:["*"]}
{NonResourceURLs:["*"], Verbs:["*"]}
2) CannotUpdateObject: Could not write: rolebindings.rbac.authorization.k8s.io "cluster-admin-rb" is forbidden: user "system:serviceaccount:hnc-system:default" (groups=["system:serviceaccounts" "system:serviceaccounts:hnc-system" "system:authenticated"]) is attempting to grant RBAC permissions not currently held:
{APIGroups:["*"], Resources:["*"], Verbs:["*"]}
{NonResourceURLs:["*"], Verbs:["*"]}
----------------------------------------------------
Cleaning up
namespace "parent-605" deleted
namespace "child-605" deleted
namespace "grandchild-605" deleted
namespace "greatgrandchild-605" deleted