fix(drift): kubectl not found + RBAC services/configmaps/ingresses
Some checks failed
CD Pipeline / build-and-deploy (push) Has been cancelled
drift_detector uses kubectl to compare the Git YAML against the actual K8s state, but:

1. The API image has no kubectl binary → No such file or directory: 'kubectl'
2. The awoooi-executor ClusterRole lacks list permission on services/configmaps/ingresses

Fix:

- Dockerfile: apt install curl + download kubectl v1.29.0 amd64
- 07-rbac.yaml: add services/configmaps (core) + ingresses (networking.k8s.io) get/list/watch

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@@ -58,9 +58,14 @@ COPY apps/api/alert_rules.yaml ./alert_rules.yaml
|
||||
# 2026-04-10 Claude Sonnet 4.6: drift_detector 需要 k8s/ YAML 做 Git state 比對
|
||||
COPY k8s/ ./k8s/
|
||||
|
||||
# Install openssh-client — SSH_COMMAND Playbook 執行路徑需要 ssh binary
|
||||
# Install openssh-client + curl — SSH_COMMAND Playbook + healthcheck
|
||||
# Install kubectl — drift_detector 需要 kubectl 讀取 K8s 實際狀態
|
||||
# (2026-04-09 Claude Sonnet 4.6 Asia/Taipei, Bug #6 修正 — python:3.11-slim 無 openssh-client)
|
||||
RUN apt-get update && apt-get install -y --no-install-recommends openssh-client && rm -rf /var/lib/apt/lists/*
|
||||
# (2026-04-10 Claude Sonnet 4.6 Asia/Taipei: drift kubectl_error — No such file or directory: 'kubectl')
|
||||
RUN apt-get update && apt-get install -y --no-install-recommends openssh-client curl && \
|
||||
curl -LO "https://dl.k8s.io/release/v1.29.0/bin/linux/amd64/kubectl" && \
|
||||
chmod +x kubectl && mv kubectl /usr/local/bin/kubectl && \
|
||||
rm -rf /var/lib/apt/lists/*
|
||||
|
||||
# Create non-root user
|
||||
RUN useradd -m -u 1000 appuser && chown -R appuser:appuser /app
|
||||
|
||||
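Review bot: the kubectl download in the new RUN step (`curl -LO "https://dl.k8s.io/release/v1.29.0/bin/linux/amd64/kubectl"`) is made executable and moved to /usr/local/bin with no integrity check. Fetch the matching `kubectl.sha256` from the same release path and verify it with `sha256sum --check` before the `chmod +x`, so a corrupted or tampered download fails the build instead of shipping in the API image. Add `-f` to the curl call as well (for example `curl -fsSLO`), otherwise an HTTP error body is saved as `kubectl` and the step still succeeds. The `linux/amd64` path is hard-coded, so a build for another architecture would install a binary that cannot run; if multi-arch builds are planned, derive the architecture from a build argument. The version pin to v1.29.0 is good, but it should be kept within the supported skew of the cluster's API server version.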
@@ -56,6 +56,16 @@ rules:
|
||||
resources: ["namespaces"]
|
||||
verbs: ["get", "list"]
|
||||
|
||||
# drift_detector: 讀取 services/configmaps/ingresses 做 Git vs K8s 漂移比對
|
||||
# 2026-04-10 Claude Sonnet 4.6 Asia/Taipei: 補齊 drift scan 所需 RBAC
|
||||
- apiGroups: [""]
|
||||
resources: ["services", "configmaps"]
|
||||
verbs: ["get", "list", "watch"]
|
||||
|
||||
- apiGroups: ["networking.k8s.io"]
|
||||
resources: ["ingresses"]
|
||||
verbs: ["get", "list", "watch"]
|
||||
|
||||
- apiGroups: ["apps"]
|
||||
resources: ["deployments", "deployments/status", "replicasets"]
|
||||
verbs: ["get", "list", "watch"]
|
||||
|
||||
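Review bot: the new rules for `services`, `configmaps` and `ingresses` grant `get`, `list` and `watch`, while the commit message says the missing permission was list and the detector reads state through one-off kubectl calls. Drop `watch` unless something in the drift scan actually opens a watch. Because the commit message names this as a ClusterRole, the `configmaps` rule gives awoooi-executor read access to every ConfigMap in every namespace, and ConfigMaps often carry connection strings or other sensitive settings. If the drift scan only covers the namespaces that have manifests under k8s/, bind these three rules through a namespaced Role and RoleBinding per namespace instead, or put them in a separate read-only role for the drift detector so the executor identity does not accumulate them.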