Giter Site home page Giter Site logo

Comments (7)

ycao56 avatar ycao56 commented on September 18, 2024

looks like finalizer permission is still needed

  - verbs:
      - delete
      - get
      - patch
      - update
    apiGroups:
      - operator.gatekeeper.sh
    resources:
      - gatekeepers/finalizers

after adding the missing permission to the role, I am getting following errors

2020-12-17T14:04:04.046Z	ERROR	controller	Reconciler error	{"reconcilerGroup": "operator.gatekeeper.sh", "reconcilerKind": "Gatekeeper", "controller": "gatekeeper", "name": "gatekeeper", "namespace": "", "error": "Unable to deploy Gatekeeper resources: Error attempting to get resource /gatekeeper-webhook-server-cert: an empty namespace may not be set when a resource name is provided", "errorVerbose": "an empty namespace may not be set when a resource name is provided\nError attempting to get resource /gatekeeper-webhook-server-cert\ngithub.com/gatekeeper/gatekeeper-operator/controllers.(*GatekeeperReconciler).updateOrCreateResource\n\t/workspace/controllers/gatekeeper_controller.go:258\ngithub.com/gatekeeper/gatekeeper-operator/controllers.(*GatekeeperReconciler).deployGatekeeperResources\n\t/workspace/controllers/gatekeeper_controller.go:195\ngithub.com/gatekeeper/gatekeeper-operator/controllers.(*GatekeeperReconciler).Reconcile\n\t/workspace/controllers/gatekeeper_controller.go:156\nsigs.k8s.io/controlle...
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem
	/workspace/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:218
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).worker
	/workspace/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:197
k8s.io/apimachinery/pkg/util/wait.BackoffUntil.func1
	/workspace/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:155
k8s.io/apimachinery/pkg/util/wait.BackoffUntil
	/workspace/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:156
k8s.io/apimachinery/pkg/util/wait.JitterUntil
	/workspace/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:133
k8s.io/apimachinery/pkg/util/wait.Until
	/workspace/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:90

from gatekeeper-operator.

ycao56 avatar ycao56 commented on September 18, 2024

@willkutler is seeing a different error on his ocp cluster

2020-12-17T16:55:01.515Z	ERROR	controller	Reconciler error	{"reconcilerGroup": "operator.gatekeeper.sh", "reconcilerKind": "Gatekeeper", "controller": "gatekeeper", "name": "gatekeeper", "namespace": "gatekeeper-system", "error": "Unable to deploy Gatekeeper resources: Unable to set controller reference for /configs.config.gatekeeper.sh: cluster-scoped resource must not have a namespace-scoped owner, owner's namespace gatekeeper-system", "errorVerbose": "cluster-scoped resource must not have a namespace-scoped owner, owner's namespace gatekeeper-system\nUnable to set controller reference for /configs.config.gatekeeper.sh\ngithub.com/gatekeeper/gatekeeper-operator/controllers.(*GatekeeperReconciler).updateOrCreateResource\n\t/workspace/controllers/gatekeeper_controller.go:231\ngithub.com/gatekeeper/gatekeeper-operator/controllers.(*GatekeeperReconciler).deployGatekeeperResources\n\t/workspace/controllers/gatekeeper_controller.go:195\ngithub.com/gatekeeper/gatekeeper-operator/controllers.(*GatekeeperReconciler).Reconcile\n\t/workspace/controllers/gatekeeper_controller.go:156\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\t/workspace/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:244\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/workspace/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:218\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).worker\n\t/workspace/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:197\nk8s.io/apimachinery/pkg/util/wait.BackoffUntil.func1\n\t/workspace/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:155\nk8s.io/apimachinery/pkg/util/wait.BackoffUntil\n\t/workspace/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:156\nk8s.io/apimachinery/pkg/util/wait.JitterUntil\n\t/workspace/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:133\nk8s.io/apimachinery/pkg/util/wait.Until\n\t/workspace/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:90\nruntime.goexit\n\t/usr/local/go/src/runtime/asm_amd64.s:1374\nUnable to deploy Gatekeeper resources\ngithub.com/gatekeeper/gatekeeper-operator/controllers.(*GatekeeperReconciler).Reconcile\n\t/workspace/controllers/gatekeeper_controller.go:158\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\t/workspace/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:244\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/workspace/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:218\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).worker\n\t/workspace/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:197\nk8s.io/apimachinery/pkg/util/wait.BackoffUntil.func1\n\t/workspace/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:155\nk8s.io/apimachinery/pkg/util/wait.BackoffUntil\n\t/workspace/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:156\nk8s.io/apimachinery/pkg/util/wait.JitterUntil\n\t/workspace/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:133\nk8s.io/apimachinery/pkg/util/wait.Until\n\t/workspace/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:90\nruntime.goexit\n\t/usr/local/go/src/runtime/asm_amd64.s:1374"}
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem
	/workspace/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:218
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).worker
	/workspace/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:197
k8s.io/apimachinery/pkg/util/wait.BackoffUntil.func1
	/workspace/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:155
k8s.io/apimachinery/pkg/util/wait.BackoffUntil
	/workspace/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:156
k8s.io/apimachinery/pkg/util/wait.JitterUntil
	/workspace/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:133
k8s.io/apimachinery/pkg/util/wait.Until
	/workspace/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:90

from gatekeeper-operator.

JAORMX avatar JAORMX commented on September 18, 2024

Are the images being uploaded automatically? I got that error with the default deployment, but when buildling the images myself and trying them out I got a different error (the default SA that's being used by the manager doesn't have enough pernissions to create a gatekeeper instance).

from gatekeeper-operator.

ycao56 avatar ycao56 commented on September 18, 2024

This was what I used to deploy https://github.com/open-cluster-management/policy-collection/blob/master/community/CM-Configuration-Management/policy-gatekeeper-operator.yaml
It pulls the bundle image from quay.io/gatekeeper/gatekeeper-operator-bundle-index:latest which is built/pushed by github action for this repo.

from gatekeeper-operator.

JAORMX avatar JAORMX commented on September 18, 2024

It finally worked for me, but I had to do KUBE_DISTRIBUTION=openshift, then make deploy, and then set a trigger to use the latest image I built... so there's definitely something fishy going on here.

from gatekeeper-operator.

ycao56 avatar ycao56 commented on September 18, 2024

just to add, this is currently failing both on ocp cluster and kind cluster + olm in our e2e test environment.

from gatekeeper-operator.

ycao56 avatar ycao56 commented on September 18, 2024

moved the second error #88 (comment) to a separate issue for tracking purpose #93

from gatekeeper-operator.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.