From 096e3bdfba31d2918520011886a6a0d1f1b08c84 Mon Sep 17 00:00:00 2001
From: Staffan Olsson <staffan@repos.se>
Date: Thu, 14 Dec 2017 07:50:06 +0100
Subject: [PATCH] Deprecates our own statefulset pod label kafka-broker-id

---
 README.md                 | 2 ++
 kafka/10broker-config.yml | 1 +
 2 files changed, 3 insertions(+)

diff --git a/README.md b/README.md
index c3495647..4ba9a0ce 100644
--- a/README.md
+++ b/README.md
@@ -68,6 +68,8 @@ For clusters that enfoce [RBAC](https://kubernetes.io/docs/admin/authorization/r
 kubectl apply -f rbac-namespace-default/
 ```
 
+For example rack awareness can fail without this, `logs -c init-config` showing `Error from server (Forbidden): pods "kafka-0" is forbidden: User "system:serviceaccount:kafka:default" cannot get pods in the namespace "kafka": Unknown user "system:serviceaccount:kafka:default"`.
+
 ## Tests
 
 Tests are based on the [kube-test](https://github.com/Yolean/kube-test) concept.
diff --git a/kafka/10broker-config.yml b/kafka/10broker-config.yml
index d11eeafc..bc1d55db 100644
--- a/kafka/10broker-config.yml
+++ b/kafka/10broker-config.yml
@@ -23,6 +23,7 @@ data:
         sed -i "s/#init#broker.rack=#init#/broker.rack=$ZONE/" /etc/kafka/server.properties
       fi
 
+      # This requires additional RBAC, and won't be needed after https://github.com/kubernetes/kubernetes/pull/55329
       kubectl -n $POD_NAMESPACE label pod $POD_NAME kafka-broker-id=$KAFKA_BROKER_ID
 
       OUTSIDE_HOST=$(kubectl get node "$NODE_NAME" -o jsonpath='{.status.addresses[?(@.type=="InternalIP")].address}')