[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Headless services without selectors are forbidden in OpenShift



I need to direct Route/Service traffic from one namespace to another
which I have permissions to. (Possibly even the same namespace as
well.) Reading Kubernetes documentation[1] Services without selectors
seem to be the way to do it. It requires you to set Endpoints manually
(e.g. to Service or pod in another namespace) but OpenShift will forbid
you from doing that.

Error from server (Forbidden): error when creating "endpoints.yaml":
endpoints "my-service" is forbidden: endpoint address 10.131.xxx.xxx is
not allowed

It requires you to have endpoints/restricted permission regular users
don't have.

Is that intentional? What are the reasons? (I think this is the place
forbidding it [2].)

How else can regular user do this? (Except running "redirecting" pod
which is fragile.)

Thanks,
Tomas

[1] - https://kubernetes.io/docs/concepts/services-networking/service/#
headless-services
[2] - https://github.com/openshift/origin/blob/de21f148d1ca66ca2bfd2011
36c2e99ebda767e9/pkg/service/admission/endpoint_admission.go#L121


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]