Cannot run GameServer in non-default namespace

[jmaeso]

I want to start by explaining that this came by my fault by creating the gameserver in the agones-system namespace, but anyway, it should be able to run in any namespace.

It makes the gameserver not being able to get an ip and port where to connect to.
(Step 2 on simple-udp example)

Command: kubectl logs simple-udp-8l26l -c agones-gameserver-sidecar
Logs: https://gist.github.com/jmaeso/aa4562bd3ad4e5c91bd1e558e329f8a7

Workaround for this:

After you install Agones - make sure you are back on the default namespace

[markmandel]

This looks like the relevant parts of the log

{
    "error": "could not retrieve GameServer agones-system/simple-udp: gameservers.stable.agones.dev \"simple-udp\" is forbidden: User \"system:serviceaccount:agones-system:agones-sdk\" cannot get gameservers.stable.agones.dev in the namespace \"agones-system\"",
    "level": "error",
    "msg": "",
    "obj": "RequestReady",
    "queue": "stable.agones.dev.agones-system.simple-udp",
    "source": "*gameservers.SDKServer",
    "time": "2018-03-16T18:18:51Z"
}

{
    "level": "error",
    "msg": "could not retrieve GameServer agones-system/simple-udp: gameservers.stable.agones.dev \"simple-udp\" is forbidden: User \"system:serviceaccount:agones-system:agones-sdk\" cannot get gameservers.stable.agones.dev in the namespace \"agones-system\"",
    "stack": [
        "agones.dev/agones/pkg/gameservers.(*SDKServer).updateState\n\t/go/src/agones.dev/agones/pkg/gameservers/sdkserver.go:166",
        "agones.dev/agones/pkg/gameservers.NewSDKServer.func3\n\t/go/src/agones.dev/agones/pkg/gameservers/sdkserver.go:119",
        "agones.dev/agones/pkg/util/workerqueue.(*WorkerQueue).processNextWorkItem\n\t/go/src/agones.dev/agones/pkg/util/workerqueue/workerqueue.go:97",
        "agones.dev/agones/pkg/util/workerqueue.(*WorkerQueue).runWorker\n\t/go/src/agones.dev/agones/pkg/util/workerqueue/workerqueue.go:73",
        "agones.dev/agones/pkg/util/workerqueue.(*WorkerQueue).(agones.dev/agones/pkg/util/workerqueue.runWorker)-fm\n\t/go/src/agones.dev/agones/pkg/util/workerqueue/workerqueue.go:115",
        "agones.dev/agones/vendor/k8s.io/apimachinery/pkg/util/wait.JitterUntil.func1\n\t/go/src/agones.dev/agones/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:133",
        "agones.dev/agones/vendor/k8s.io/apimachinery/pkg/util/wait.JitterUntil\n\t/go/src/agones.dev/agones/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:134",
        "agones.dev/agones/vendor/k8s.io/apimachinery/pkg/util/wait.Until\n\t/go/src/agones.dev/agones/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:88",
        "runtime.goexit\n\t/usr/local/go/src/runtime/asm_amd64.s:2337"
    ],
    "time": "2018-03-16T18:18:51Z"
}

/cc @dzlier-gcp is there a way we can enable RBAC access to any namespace, or do we have to specify? From the docs, ClusterRoles can access "namespaced resources (like pods) across all namespaces (needed to run kubectl get pods --all-namespaces, for example)"

Or am I understanding this incorrectly?

[dzlier-gcp]

I get this in the controller logs:

{"error":"error creating Pod for GameServer simple-udp: pods \"simple-udp-\" is forbidden: error looking up service account agones-system/agones-sdk: serviceaccount \"agones-sdk\" not found"...

So looks like it's because the agones-sdk service account is created in the default namespace so it's not found in the namespace you try to create the game server in.

ClusterRoles are supposed to provide access across clusters, but namespaces are a different matter. I'll look into how to make it work.

[cyriltovena]

if it's not possible or difficult we could use a variable in the helm chart to prompt for which namespace he wants to use.

[enocom]

As discussed in #154, let's wait for the work in #101 to land and then revisit this work then.

[markmandel]

Now enough of #101 has essentially landed - this should be able to be implemented now.

Resources

• Passing multiple values to --set
  
• Helm: LOOPING WITH THE RANGE ACTION