Comments (7)
looks like finalizer permission is still needed
- verbs:
  - delete
  - get
  - patch
  - update
  apiGroups:
  - operator.gatekeeper.sh
  resources:
  - gatekeepers/finalizers
After adding the missing permission to the role, I am getting the following errors:
2020-12-17T14:04:04.046Z ERROR controller Reconciler error {"reconcilerGroup": "operator.gatekeeper.sh", "reconcilerKind": "Gatekeeper", "controller": "gatekeeper", "name": "gatekeeper", "namespace": "", "error": "Unable to deploy Gatekeeper resources: Error attempting to get resource /gatekeeper-webhook-server-cert: an empty namespace may not be set when a resource name is provided", "errorVerbose": "an empty namespace may not be set when a resource name is provided\nError attempting to get resource /gatekeeper-webhook-server-cert\ngithub.com/gatekeeper/gatekeeper-operator/controllers.(*GatekeeperReconciler).updateOrCreateResource\n\t/workspace/controllers/gatekeeper_controller.go:258\ngithub.com/gatekeeper/gatekeeper-operator/controllers.(*GatekeeperReconciler).deployGatekeeperResources\n\t/workspace/controllers/gatekeeper_controller.go:195\ngithub.com/gatekeeper/gatekeeper-operator/controllers.(*GatekeeperReconciler).Reconcile\n\t/workspace/controllers/gatekeeper_controller.go:156\nsigs.k8s.io/controlle...
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem
/workspace/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:218
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).worker
/workspace/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:197
k8s.io/apimachinery/pkg/util/wait.BackoffUntil.func1
/workspace/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:155
k8s.io/apimachinery/pkg/util/wait.BackoffUntil
/workspace/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:156
k8s.io/apimachinery/pkg/util/wait.JitterUntil
/workspace/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:133
k8s.io/apimachinery/pkg/util/wait.Until
/workspace/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:90
from gatekeeper-operator.
@willkutler is seeing a different error on his ocp cluster
2020-12-17T16:55:01.515Z ERROR controller Reconciler error {"reconcilerGroup": "operator.gatekeeper.sh", "reconcilerKind": "Gatekeeper", "controller": "gatekeeper", "name": "gatekeeper", "namespace": "gatekeeper-system", "error": "Unable to deploy Gatekeeper resources: Unable to set controller reference for /configs.config.gatekeeper.sh: cluster-scoped resource must not have a namespace-scoped owner, owner's namespace gatekeeper-system", "errorVerbose": "cluster-scoped resource must not have a namespace-scoped owner, owner's namespace gatekeeper-system\nUnable to set controller reference for /configs.config.gatekeeper.sh\ngithub.com/gatekeeper/gatekeeper-operator/controllers.(*GatekeeperReconciler).updateOrCreateResource\n\t/workspace/controllers/gatekeeper_controller.go:231\ngithub.com/gatekeeper/gatekeeper-operator/controllers.(*GatekeeperReconciler).deployGatekeeperResources\n\t/workspace/controllers/gatekeeper_controller.go:195\ngithub.com/gatekeeper/gatekeeper-operator/controllers.(*GatekeeperReconciler).Reconcile\n\t/workspace/controllers/gatekeeper_controller.go:156\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\t/workspace/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:244\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/workspace/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:218\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).worker\n\t/workspace/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:197\nk8s.io/apimachinery/pkg/util/wait.BackoffUntil.func1\n\t/workspace/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:155\nk8s.io/apimachinery/pkg/util/wait.BackoffUntil\n\t/workspace/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:156\nk8s.io/apimachinery/pkg/util/wait.JitterUntil\n\t/workspace/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:133\nk8s.io/apimachinery/pkg
/util/wait.Until\n\t/workspace/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:90\nruntime.goexit\n\t/usr/local/go/src/runtime/asm_amd64.s:1374\nUnable to deploy Gatekeeper resources\ngithub.com/gatekeeper/gatekeeper-operator/controllers.(*GatekeeperReconciler).Reconcile\n\t/workspace/controllers/gatekeeper_controller.go:158\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\t/workspace/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:244\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/workspace/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:218\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).worker\n\t/workspace/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:197\nk8s.io/apimachinery/pkg/util/wait.BackoffUntil.func1\n\t/workspace/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:155\nk8s.io/apimachinery/pkg/util/wait.BackoffUntil\n\t/workspace/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:156\nk8s.io/apimachinery/pkg/util/wait.JitterUntil\n\t/workspace/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:133\nk8s.io/apimachinery/pkg/util/wait.Until\n\t/workspace/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:90\nruntime.goexit\n\t/usr/local/go/src/runtime/asm_amd64.s:1374"}
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem
/workspace/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:218
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).worker
/workspace/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:197
k8s.io/apimachinery/pkg/util/wait.BackoffUntil.func1
/workspace/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:155
k8s.io/apimachinery/pkg/util/wait.BackoffUntil
/workspace/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:156
k8s.io/apimachinery/pkg/util/wait.JitterUntil
/workspace/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:133
k8s.io/apimachinery/pkg/util/wait.Until
/workspace/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:90
from gatekeeper-operator.
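An added example (not from the thread or the operator's own code) of a pre-check that catches both reconcile errors reported above before any API call is made. It assumes gatekeeper-webhook-server-cert is a namespaced Secret and configs.config.gatekeeper.sh is a cluster-scoped CustomResourceDefinition; `Asset`, `Prepare` and the `clusterScoped` table are hypothetical names.

```go
package main

import "fmt"

// Asset is a constructed stand-in for one manifest the operator applies.
type Asset struct {
	Kind, Name, Namespace string
	OwnerRef              bool // set by Prepare: attach a controller reference?
}

// clusterScoped lists the kinds in this sample that have no namespace
// (assumption: a real operator would ask the API server's REST mapping).
var clusterScoped = map[string]bool{
	"CustomResourceDefinition": true,
	"ClusterRole":              true,
}

// Prepare applies the scoping rules behind the two errors in the thread.
// ownerNS is the namespace of the owning Gatekeeper object; "" means the
// owner itself is cluster-scoped.
func Prepare(a Asset, ownerNS string) (Asset, error) {
	if clusterScoped[a.Kind] {
		// A namespaced owner cannot own a cluster-scoped object, so skip the
		// controller reference; cleanup then needs e.g. a finalizer on the owner.
		a.Namespace, a.OwnerRef = "", ownerNS == ""
		return a, nil
	}
	if a.Namespace == "" {
		a.Namespace = ownerNS // default to the owner's namespace
	}
	if a.Namespace == "" {
		// A get by name on a namespaced kind is rejected without a namespace.
		return a, fmt.Errorf("namespaced %s %q has no namespace", a.Kind, a.Name)
	}
	// Owner references may not cross namespaces.
	a.OwnerRef = ownerNS == "" || a.Namespace == ownerNS
	return a, nil
}

func main() {
	// Constructed inputs using the two resource names from the logs above.
	for _, a := range []Asset{
		{Kind: "Secret", Name: "gatekeeper-webhook-server-cert"},
		{Kind: "CustomResourceDefinition", Name: "configs.config.gatekeeper.sh"},
	} {
		out, err := Prepare(a, "gatekeeper-system")
		fmt.Printf("%+v err=%v\n", out, err)
	}
}
```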
Are the images being uploaded automatically? I got that error with the default deployment, but when building the images myself and trying them out I got a different error (the default SA that's being used by the manager doesn't have enough permissions to create a gatekeeper instance).
from gatekeeper-operator.
This was what I used to deploy https://github.com/open-cluster-management/policy-collection/blob/master/community/CM-Configuration-Management/policy-gatekeeper-operator.yaml
It pulls the bundle image from quay.io/gatekeeper/gatekeeper-operator-bundle-index:latest, which is built/pushed by a GitHub Action for this repo.
from gatekeeper-operator.
It finally worked for me, but I had to do KUBE_DISTRIBUTION=openshift, then make deploy, and then set a trigger to use the latest image I built... so there's definitely something fishy going on here.
from gatekeeper-operator.
just to add, this is currently failing both on ocp cluster and kind cluster + olm in our e2e test environment.
from gatekeeper-operator.
moved the second error #88 (comment) to a separate issue for tracking purpose #93
from gatekeeper-operator.