Enhance "--debug" mode to show inaccessible API objects and operations when run with insufficient permissions #1284

@nartamonov

Command

  • check-image-updates
  • delete
  • deploy
  • diff
  • helm-pull
  • helm-update
  • list-images
  • list-targets
  • poke-images
  • prune
  • render
  • validate
  • version

Who are you?

Nikolay, 39, software developer and self-taught devops engineer

What do you want to do?

It would be useful if kluctl showed exactly which operations (Kubernetes API calls) on which objects were rejected because of permissions. Something like the following:

$ kluctl deploy --target dev --debug
...
[ACCESS DENIED] GET https://k8s.example.com/api/v1/namespaces
...
[ACCESS DENIED] GET https://k8s.example.com/api/v1/namespaces/sample-ns-dev/pods/ui-79cf6fd5f6-bkkfs
...

It would help to debug incrementally and grant the needed permissions one by one until all critical resources and operations are accessible to kluctl in order to deploy to the particular environment.

After that enhancement, kluctl could also improve the warnings about permissions in normal mode:

Warnings:
  at least one permission error was encountered while gathering objects by discriminator labels. This might result in orphan object detection to not work properly (run kluctl with "--debug" option to find out what resources were inaccessible)

Why do you need that?

Hi, I'm new to kluctl but found it quite usable, great project! One drawback is that currently I need to use the cluster-admin role to deploy with kluctl. Otherwise I get permission errors and warnings:

Getting remote objects by discriminator: Failed with 27 errors

Warnings:
  at least one permission error was encountered while gathering objects by discriminator labels. This might result in orphan object detection to not work properly

Currently it's hard to determine exactly what permissions the utility needs. Or, more importantly, which permissions are critical to functioning properly and which can be omitted. I tried the --debug option but it doesn't add useful details to the output.
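
One way a client could surface the rejected calls requested above, as an added example that is not part of the original issue and not kluctl's code: an `http.RoundTripper` wrapper that records every request answered with 403 Forbidden, which is what a least-privilege role needs to be built up incrementally. `DeniedLogger`, `run` and the fake API server are hypothetical names and constructed inputs.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"sync"
)

// DeniedLogger is a hypothetical wrapper (not kluctl code) that records every
// request the API server answers with 403 Forbidden, i.e. an RBAC denial.
type DeniedLogger struct {
	Next   http.RoundTripper
	mu     sync.Mutex
	Denied []string
}

func (d *DeniedLogger) RoundTrip(req *http.Request) (*http.Response, error) {
	resp, err := d.Next.RoundTrip(req)
	if err == nil && resp.StatusCode == http.StatusForbidden {
		d.mu.Lock() // API clients issue requests concurrently
		d.Denied = append(d.Denied, fmt.Sprintf("[ACCESS DENIED] %s %s", req.Method, req.URL.Path))
		d.mu.Unlock()
	}
	return resp, err
}

// run drives the wrapper against a constructed fake API server that allows only /version.
func run() []string {
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.URL.Path != "/version" {
			w.WriteHeader(http.StatusForbidden)
		}
	}))
	defer srv.Close()
	dl := &DeniedLogger{Next: http.DefaultTransport}
	client := &http.Client{Transport: dl}
	for _, p := range []string{"/version", "/api/v1/namespaces", "/api/v1/namespaces/sample-ns-dev/pods"} {
		if resp, err := client.Get(srv.URL + p); err == nil {
			resp.Body.Close()
		}
	}
	return dl.Denied
}

func main() {
	for _, line := range run() {
		fmt.Println(line)
	}
}
```

The wrapper logs only the method and path, never headers, so bearer tokens stay out of debug output. In a client-go based tool, a wrapper like this can be installed through `rest.Config.WrapTransport`.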
