Comments (5)
This is a confirmed bug. Addressed by #79. We will be looking to push our a new version soon and then published to Operator Hub
from quay-operator.
Yes- works fine now. Thanks for the quick fix Andrew!
from quay-operator.
I have the same error
{"level":"error","ts":1569936976.630348,"logger":"util","msg":"unable to create object","object":{"apiVersion":"rbac.authorization.k8s.io/v1","kind":"Role","namespace":"quay-enterprise","name":"example-quayecosystem"},"error":"roles.rbac.authorization.k8s.io \"example-quayecosystem\" is forbidden: user \"system:serviceaccount:quay-enterprise:quay-operator\" (groups=[\"system:serviceaccounts\" \"system:serviceaccounts:quay-enterprise\" \"system:authenticated\"]) is attempting to grant RBAC permissions not currently held:\n{APIGroups:[\"\"], Resources:[\"secrets\"], Verbs:[\"put\"]}","stacktrace":"github.com/go-logr/zapr.(*zapLogger).Error\n\t/home/travis/gopath/pkg/mod/github.com/go-logr/[email protected]/zapr.go:128\ngithub.com/redhat-cop/operator-utils/pkg/util.(*ReconcilerBase).CreateOrUpdateResource\n\t/home/travis/gopath/pkg/mod/github.com/redhat-cop/[email protected]/pkg/util/reconciler.go:153\ngithub.com/redhat-cop/quay-operator/pkg/controller/quayecosystem/provisioning.(*ReconcileQuayEcosystemConfiguration).createRBAC\n\t/home/travis/gopath/src/github.com/redhat-cop/quay-operator/pkg/controller/quayecosystem/provisioning/provision.go:585\ngithub.com/redhat-cop/quay-operator/pkg/controller/quayecosystem/provisioning.(*ReconcileQuayEcosystemConfiguration).CoreQuayResourceDeployment\n\t/home/travis/gopath/src/github.com/redhat-cop/quay-operator/pkg/controller/quayecosystem/provisioning/provision.go:59\ngithub.com/redhat-cop/quay-operator/pkg/controller/quayecosystem.(*ReconcileQuayEcosystem).Reconcile\n\t/home/travis/gopath/src/github.com/redhat-cop/quay-operator/pkg/controller/quayecosystem/quayecosystem_controller.go:136\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/home/travis/gopath/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:215\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func1\n\t/home/travis/gopath/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:158\nk8s.io/apimachinery/pkg/util/wait.JitterUntil.func1\n\t/home/travis/gopath/pkg/mod/k8s.io/[email protected]/pkg/util/wait/wait.go:133\nk8s.io/apimachinery/pkg/util/wait.JitterUntil\n\t/home/travis/gopath/pkg/mod/k8s.io/[email protected]/pkg/util/wait/wait.go:134\nk8s.io/apimachinery/pkg/util/wait.Until\n\t/home/travis/gopath/pkg/mod/k8s.io/[email protected]/pkg/util/wait/wait.go:88"}
{"level":"error","ts":1569936976.6304488,"logger":"controller_quayecosystem","msg":"Failed to create RBAC","error":"roles.rbac.authorization.k8s.io \"example-quayecosystem\" is forbidden: user \"system:serviceaccount:quay-enterprise:quay-operator\" (groups=[\"system:serviceaccounts\" \"system:serviceaccounts:quay-enterprise\" \"system:authenticated\"]) is attempting to grant RBAC permissions not currently held:\n{APIGroups:[\"\"], Resources:[\"secrets\"], Verbs:[\"put\"]}","stacktrace":"github.com/go-logr/zapr.(*zapLogger).Error\n\t/home/travis/gopath/pkg/mod/github.com/go-logr/[email protected]/zapr.go:128\ngithub.com/redhat-cop/quay-operator/pkg/controller/quayecosystem/provisioning.(*ReconcileQuayEcosystemConfiguration).CoreQuayResourceDeployment\n\t/home/travis/gopath/src/github.com/redhat-cop/quay-operator/pkg/controller/quayecosystem/provisioning/provision.go:60\ngithub.com/redhat-cop/quay-operator/pkg/controller/quayecosystem.(*ReconcileQuayEcosystem).Reconcile\n\t/home/travis/gopath/src/github.com/redhat-cop/quay-operator/pkg/controller/quayecosystem/quayecosystem_controller.go:136\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/home/travis/gopath/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:215\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func1\n\t/home/travis/gopath/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:158\nk8s.io/apimachinery/pkg/util/wait.JitterUntil.func1\n\t/home/travis/gopath/pkg/mod/k8s.io/[email protected]/pkg/util/wait/wait.go:133\nk8s.io/apimachinery/pkg/util/wait.JitterUntil\n\t/home/travis/gopath/pkg/mod/k8s.io/[email protected]/pkg/util/wait/wait.go:134\nk8s.io/apimachinery/pkg/util/wait.Until\n\t/home/travis/gopath/pkg/mod/k8s.io/[email protected]/pkg/util/wait/wait.go:88"}
{"level":"info","ts":1569937266.6427338,"logger":"controller_quayecosystem","msg":"Reconciling QuayEcosystem","Request.Namespace":"quay-enterprise","Request.Name":"example-quayecosystem"}
{"level":"error","ts":1569937266.6818974,"logger":"util","msg":"unable to create object","object":{"apiVersion":"rbac.authorization.k8s.io/v1","kind":"Role","namespace":"quay-enterprise","name":"example-quayecosystem"},"error":"roles.rbac.authorization.k8s.io \"example-quayecosystem\" is forbidden: user \"system:serviceaccount:quay-enterprise:quay-operator\" (groups=[\"system:serviceaccounts\" \"system:serviceaccounts:quay-enterprise\" \"system:authenticated\"]) is attempting to grant RBAC permissions not currently held:\n{APIGroups:[\"\"], Resources:[\"secrets\"], Verbs:[\"put\"]}","stacktrace":"github.com/go-logr/zapr.(*zapLogger).Error\n\t/home/travis/gopath/pkg/mod/github.com/go-logr/[email protected]/zapr.go:128\ngithub.com/redhat-cop/operator-utils/pkg/util.(*ReconcilerBase).CreateOrUpdateResource\n\t/home/travis/gopath/pkg/mod/github.com/redhat-cop/[email protected]/pkg/util/reconciler.go:153\ngithub.com/redhat-cop/quay-operator/pkg/controller/quayecosystem/provisioning.(*ReconcileQuayEcosystemConfiguration).createRBAC\n\t/home/travis/gopath/src/github.com/redhat-cop/quay-operator/pkg/controller/quayecosystem/provisioning/provision.go:585\ngithub.com/redhat-cop/quay-operator/pkg/controller/quayecosystem/provisioning.(*ReconcileQuayEcosystemConfiguration).CoreQuayResourceDeployment\n\t/home/travis/gopath/src/github.com/redhat-cop/quay-operator/pkg/controller/quayecosystem/provisioning/provision.go:59\ngithub.com/redhat-cop/quay-operator/pkg/controller/quayecosystem.(*ReconcileQuayEcosystem).Reconcile\n\t/home/travis/gopath/src/github.com/redhat-cop/quay-operator/pkg/controller/quayecosystem/quayecosystem_controller.go:136\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/home/travis/gopath/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:215\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func1\n\t/home/travis/gopath/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:158\nk8s.io/apimachinery/pkg/util/wait.JitterUntil.func1\n\t/home/travis/gopath/pkg/mod/k8s.io/[email protected]/pkg/util/wait/wait.go:133\nk8s.io/apimachinery/pkg/util/wait.JitterUntil\n\t/home/travis/gopath/pkg/mod/k8s.io/[email protected]/pkg/util/wait/wait.go:134\nk8s.io/apimachinery/pkg/util/wait.Until\n\t/home/travis/gopath/pkg/mod/k8s.io/[email protected]/pkg/util/wait/wait.go:88"}
{"level":"error","ts":1569937266.681981,"logger":"controller_quayecosystem","msg":"Failed to create RBAC","error":"roles.rbac.authorization.k8s.io \"example-quayecosystem\" is forbidden: user \"system:serviceaccount:quay-enterprise:quay-operator\" (groups=[\"system:serviceaccounts\" \"system:serviceaccounts:quay-enterprise\" \"system:authenticated\"]) is attempting to grant RBAC permissions not currently held:\n{APIGroups:[\"\"], Resources:[\"secrets\"], Verbs:[\"put\"]}","stacktrace":"github.com/go-logr/zapr.(*zapLogger).Error\n\t/home/travis/gopath/pkg/mod/github.com/go-logr/[email protected]/zapr.go:128\ngithub.com/redhat-cop/quay-operator/pkg/controller/quayecosystem/provisioning.(*ReconcileQuayEcosystemConfiguration).CoreQuayResourceDeployment\n\t/home/travis/gopath/src/github.com/redhat-cop/quay-operator/pkg/controller/quayecosystem/provisioning/provision.go:60\ngithub.com/redhat-cop/quay-operator/pkg/controller/quayecosystem.(*ReconcileQuayEcosystem).Reconcile\n\t/home/travis/gopath/src/github.com/redhat-cop/quay-operator/pkg/controller/quayecosystem/quayecosystem_controller.go:136\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/home/travis/gopath/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:215\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func1\n\t/home/travis/gopath/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:158\nk8s.io/apimachinery/pkg/util/wait.JitterUntil.func1\n\t/home/travis/gopath/pkg/mod/k8s.io/[email protected]/pkg/util/wait/wait.go:133\nk8s.io/apimachinery/pkg/util/wait.JitterUntil\n\t/home/travis/gopath/pkg/mod/k8s.io/[email protected]/pkg/util/wait/wait.go:134\nk8s.io/apimachinery/pkg/util/wait.Until\n\t/home/travis/gopath/pkg/mod/k8s.io/[email protected]/pkg/util/wait/wait.go:88"}
Deploying using the operator doesn't failed on this
from quay-operator.
Encountered this with a 4.2 nightly build as well.
from quay-operator.
@BillDett @lisa @daufinsyd version v0.0.7
released and published to operratorhub.io. I was able to use it in my OCP cluster to stand up Quay successfully
Can you retest?
from quay-operator.
Related Issues (20)
- Role "skynet-quay-database" does not exist HOT 4
- quay-operator-index not available HOT 1
- Quay and Nooba, .spec.ObjectBucketName: field not declared in schema HOT 8
- Quay config secret not found, when creating quay instance
- trying to deploy quay-operator from readme instructions, access denied to operator image HOT 2
- Updating package version in go.sum breaks go module dependency HOT 1
- Hugepages support doesn't appear to work correctly HOT 2
- postgres and redis container images anywhere but dockerhub HOT 7
- [Question] Licensing HOT 2
- Related image environment variable for operator HOT 1
- Missing Service for operator HOT 4
- Can't override affinity for quay-app-upgrade Job
- serviceAccountName is missing from PodSpec in quay-config-editor Deployment
- Community Operator Stable Channel 3.8 not working HOT 2
- Resource configuration for internal database deployments incorrect HOT 2
- Installation stuck at "mkdir: cannot create directory '/var/lib/pgsql/data/userdata': Permission denied" HOT 3
- Unable to override matcher.period
- How do you modify the CPU request? HOT 1
- Questions about high availability HOT 1
- FEATURE REQUEST - Integration Quay & Stackrox (ACS)
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from quay-operator.