Confluence DC depends on RBAC to work #1
Description
When using Confluence DC the entry point script depends on RBAC to be enabled. If its not possible to implement without, this is ok, but there is a way that doesnt depend on RBAC.
I've tested it with multitool.
kubectl create deployment multitool --image=praqma/network-multitool
kubectl scale deployment multitool --replicas=3
echo "apiVersion: v1
kind: Service
metadata:
labels:
app: multitool
name: multitool
namespace: default
spec:
clusterIP: "None"
selector:
app: multitool
type: ClusterIP
status:
loadBalancer: {}
" > multitool-service.yaml
kubectl apply -f multitool-service.yaml
kubectl exec -it multitool-7885b5f94f-6kjll bash
host multitool | grep has | cut -d " " -f 4 | tr "\n" "," | sed -e 's/,$//'
The above will give us
10.42.1.32,10.42.1.31,10.42.0.27
If we scale it down again to 1, and run the host command, it still works
10.42.0.27
In the file docker-entrypoint.sh at line 149 we use curl to get healthy endpoints from the api server, though this requires rabc permissions to do so.
CLUSTER_PEER_IPS=$(curl -sSk -H "Authorization: Bearer $KUBE_TOKEN" https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_PORT_443_TCP_PORT/api/v1/namespaces/${CONFLUENCE_NAMESPACE}/endpoints/${CONFLUENCE_SERVICE_NAME} | jq -r .subsets[].addresses[].ip | paste -sd "," -)
It could be replaced with something like
host $CONFLUENCE_SERVICE_NAME | grep has | cut -d " " -f 4 | tr "\n" "," | sed -e 's/,$//'
Much more elegant, and with not RBAC needed.