Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Installer Controller Continuously Reconcile due to RBAC error #201

Closed
matteogastaldello opened this issue Jul 2, 2024 · 0 comments · Fixed by #202
Closed

Installer Controller Continuously Reconcile due to RBAC error #201

matteogastaldello opened this issue Jul 2, 2024 · 0 comments · Fixed by #202
Assignees
@matteogastaldello

Comments

@matteogastaldello
Copy link
Contributor

Describe the bug
Installer controller continuously due to missing RBAC policies

2024-07-02T08:12:49Z	DEBUG	installer-provider	Worflow failure	{"controller": "managed/krateoplatformops", "error": "installer-starter-pack: cannot patch \"typicode-endpoint\" with kind Secret: secrets \"typicode-endpoint\" is forbidden: User \"system:serviceaccount:krateo-system:installer\" cannot patch resource \"secrets\" in API group \"\" in the namespace \"demo-system\" && cannot patch \"fireworksapp-tgz\" with kind CardTemplate: cardtemplates.widgets.krateo.io \"fireworksapp-tgz\" is forbidden: User \"system:serviceaccount:krateo-system:installer\" cannot patch resource \"cardtemplates\" in API group \"widgets.krateo.io\" in the namespace \"demo-system\" && cannot patch \"postgresql-tgz\" with kind CardTemplate: cardtemplates.widgets.krateo.io \"postgresql-tgz\" is forbidden: User \"system:serviceaccount:krateo-system:installer\" cannot patch resource \"cardtemplates\" in API group \"widgets.krateo.io\" in the namespace \"demo-system\" && cannot patch \"static\" with kind CardTemplate: cardtemplates.widgets.krateo.io \"static\" is forbidden: User \"system:serviceaccount:krateo-system:installer\" cannot patch resource \"cardtemplates\" in API group \"widgets.krateo.io\" in the namespace \"demo-system\" && cannot patch \"external-api\" with kind CardTemplate: cardtemplates.widgets.krateo.io \"external-api\" is forbidden: User \"system:serviceaccount:krateo-system:installer\" cannot patch resource \"cardtemplates\" in API group \"widgets.krateo.io\" in the namespace \"demo-system\" && cannot patch \"internal-api\" with kind CardTemplate: cardtemplates.widgets.krateo.io \"internal-api\" is forbidden: User \"system:serviceaccount:krateo-system:installer\" cannot patch resource \"cardtemplates\" in API group \"widgets.krateo.io\" in the namespace \"demo-system\" && cannot patch \"static-external-internal-api\" with kind Column: columns.widgets.krateo.io \"static-external-internal-api\" is forbidden: User \"system:serviceaccount:krateo-system:installer\" cannot patch resource \"columns\" in API group \"widgets.krateo.io\" in the namespace \"demo-system\" && cannot patch \"two-cardtemplates\" with kind Column: columns.widgets.krateo.io \"two-cardtemplates\" is forbidden: User \"system:serviceaccount:krateo-system:installer\" cannot patch resource \"columns\" in API group \"widgets.krateo.io\" in the namespace \"demo-system\" && cannot patch \"postgresql-tgz\" with kind CompositionDefinition: compositiondefinitions.core.krateo.io \"postgresql-tgz\" is forbidden: User \"system:serviceaccount:krateo-system:installer\" cannot patch resource \"compositiondefinitions\" in API group \"core.krateo.io\" in the namespace \"demo-system\" && cannot patch \"fireworksapp-tgz\" with kind CompositionDefinition: compositiondefinitions.core.krateo.io \"fireworksapp-tgz\" is forbidden: User \"system:serviceaccount:krateo-system:installer\" cannot patch resource \"compositiondefinitions\" in API group \"core.krateo.io\" in the namespace \"demo-system\" && cannot patch \"fireworksapp-tgz\" with kind FormTemplate: formtemplates.widgets.krateo.io \"fireworksapp-tgz\" is forbidden: User \"system:serviceaccount:krateo-system:installer\" cannot patch resource \"formtemplates\" in API group \"widgets.krateo.io\" in the namespace \"demo-system\" && cannot patch \"postgresql-tgz\" with kind FormTemplate: formtemplates.widgets.krateo.io \"postgresql-tgz\" is forbidden: User \"system:serviceaccount:krateo-system:installer\" cannot patch resource \"formtemplates\" in API group \"widgets.krateo.io\" in the namespace \"demo-system\" && cannot patch \"two\" with kind Row: rows.widgets.krateo.io \"two\" is forbidden: User \"system:serviceaccount:krateo-system:installer\" cannot patch resource \"rows\" in API group \"widgets.krateo.io\" in the namespace \"demo-system\" && cannot patch \"cyberjoker\" with kind User: users.basic.authn.krateo.io \"cyberjoker\" is forbidden: User \"system:serviceaccount:krateo-system:installer\" cannot patch resource \"users\" in API group \"basic.authn.krateo.io\" at the cluster scope"}
2024-07-02T08:12:49Z	DEBUG	installer-provider	Cannot create external resource	{"controller": "managed/krateoplatformops", "request": {"name":"krateo","namespace":"krateo-system"}, "uid": "a09bbd2c-8e43-4adf-941d-d25bf52b78b9", "version": "2539", "external-name": "", "error": "installer-starter-pack: cannot patch \"typicode-endpoint\" with kind Secret: secrets \"typicode-endpoint\" is forbidden: User \"system:serviceaccount:krateo-system:installer\" cannot patch resource \"secrets\" in API group \"\" in the namespace \"demo-system\" && cannot patch \"fireworksapp-tgz\" with kind CardTemplate: cardtemplates.widgets.krateo.io \"fireworksapp-tgz\" is forbidden: User \"system:serviceaccount:krateo-system:installer\" cannot patch resource \"cardtemplates\" in API group \"widgets.krateo.io\" in the namespace \"demo-system\" && cannot patch \"postgresql-tgz\" with kind CardTemplate: cardtemplates.widgets.krateo.io \"postgresql-tgz\" is forbidden: User \"system:serviceaccount:krateo-system:installer\" cannot patch resource \"cardtemplates\" in API group \"widgets.krateo.io\" in the namespace \"demo-system\" && cannot patch \"static\" with kind CardTemplate: cardtemplates.widgets.krateo.io \"static\" is forbidden: User \"system:serviceaccount:krateo-system:installer\" cannot patch resource \"cardtemplates\" in API group \"widgets.krateo.io\" in the namespace \"demo-system\" && cannot patch \"external-api\" with kind CardTemplate: cardtemplates.widgets.krateo.io \"external-api\" is forbidden: User \"system:serviceaccount:krateo-system:installer\" cannot patch resource \"cardtemplates\" in API group \"widgets.krateo.io\" in the namespace \"demo-system\" && cannot patch \"internal-api\" with kind CardTemplate: cardtemplates.widgets.krateo.io \"internal-api\" is forbidden: User \"system:serviceaccount:krateo-system:installer\" cannot patch resource \"cardtemplates\" in API group \"widgets.krateo.io\" in the namespace \"demo-system\" && cannot patch \"static-external-internal-api\" with kind Column: columns.widgets.krateo.io \"static-external-internal-api\" is forbidden: User \"system:serviceaccount:krateo-system:installer\" cannot patch resource \"columns\" in API group \"widgets.krateo.io\" in the namespace \"demo-system\" && cannot patch \"two-cardtemplates\" with kind Column: columns.widgets.krateo.io \"two-cardtemplates\" is forbidden: User \"system:serviceaccount:krateo-system:installer\" cannot patch resource \"columns\" in API group \"widgets.krateo.io\" in the namespace \"demo-system\" && cannot patch \"postgresql-tgz\" with kind CompositionDefinition: compositiondefinitions.core.krateo.io \"postgresql-tgz\" is forbidden: User \"system:serviceaccount:krateo-system:installer\" cannot patch resource \"compositiondefinitions\" in API group \"core.krateo.io\" in the namespace \"demo-system\" && cannot patch \"fireworksapp-tgz\" with kind CompositionDefinition: compositiondefinitions.core.krateo.io \"fireworksapp-tgz\" is forbidden: User \"system:serviceaccount:krateo-system:installer\" cannot patch resource \"compositiondefinitions\" in API group \"core.krateo.io\" in the namespace \"demo-system\" && cannot patch \"fireworksapp-tgz\" with kind FormTemplate: formtemplates.widgets.krateo.io \"fireworksapp-tgz\" is forbidden: User \"system:serviceaccount:krateo-system:installer\" cannot patch resource \"formtemplates\" in API group \"widgets.krateo.io\" in the namespace \"demo-system\" && cannot patch \"postgresql-tgz\" with kind FormTemplate: formtemplates.widgets.krateo.io \"postgresql-tgz\" is forbidden: User \"system:serviceaccount:krateo-system:installer\" cannot patch resource \"formtemplates\" in API group \"widgets.krateo.io\" in the namespace \"demo-system\" && cannot patch \"two\" with kind Row: rows.widgets.krateo.io \"two\" is forbidden: User \"system:serviceaccount:krateo-system:installer\" cannot patch resource \"rows\" in API group \"widgets.krateo.io\" in the namespace \"demo-system\" && cannot patch \"cyberjoker\" with kind User: users.basic.authn.krateo.io \"cyberjoker\" is forbidden: User \"system:serviceaccount:krateo-system:installer\" cannot patch resource \"users\" in API group \"basic.authn.krateo.io\" at the cluster scope"}

To Reproduce
Install the chart at version 0.3.1
@matteogastaldello matteogastaldello self-assigned this Jul 2, 2024
@matteogastaldello matteogastaldello linked a pull request Jul 2, 2024 that will close this issue
fix: add missing patch verb #202
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@matteogastaldello matteogastaldello

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: add missing patch verb krateoplatformops/installer-chart
1 participant
@matteogastaldello