I'm attempting to install the prometheus-apb on cdk 3.5.0 on Mac OS X and the prometheus-apb is failing, even when I assign cluster-admin to the developer account.
** config
Mac OS X
3.5.0-1 cdk (cdk-3.5.0-1-minishift-darwin-amd64)
oc v3.10
* Steps to reproduce
using the 3.5.0-1 cdk (cdk-3.5.0-1-minishift-darwin-amd64)
MINISHIFT_ENABLE_EXPERIMENTAL=y minishift start --ocp-tag v3.10.14 --extra-clusterup-flags "--enable=,service-catalog,automation-service-broker"
I'm attempting to install the prometheus-apb on cdk 3.5.0 on Mac OS X and the prometheus-apb is failing, even when I assign cluster-admin to the developer account.
** config Mac OS X 3.5.0-1 cdk (cdk-3.5.0-1-minishift-darwin-amd64) oc v3.10
* Steps to reproduce using the 3.5.0-1 cdk (cdk-3.5.0-1-minishift-darwin-amd64) MINISHIFT_ENABLE_EXPERIMENTAL=y minishift start --ocp-tag v3.10.14 --extra-clusterup-flags "--enable=,service-catalog,automation-service-broker"
oc login -u system:admin oc export cm/broker-config -n openshift-automation-service-broker | sed 's/sandbox_role: .*/sandbox_role: \"admin\"/' | oc replace -f - cm/broker-config -n openshift-automation-service-broker oc rollout latest dc/openshift-automation-service-broker -n openshift-automation-service-broker oc adm policy add-cluster-role-to-user cluster-admin developer
DEPRECATED: APB playbooks should be stored at /opt/apb/project
| cp: omitting directory ‘/opt/apb/actions/vars’ | | PLAY [[PROMETHEUS APB][PROVISION] Provision application Prometheus APB] **** | | TASK [ansible.kubernetes-modules : Install latest openshift client] **** | skipping: [localhost] | | TASK [ansibleplaybookbundle.asb-modules : debug] *** | skipping: [localhost] | | TASK [prometheus-apb : [PROMETHEUS-APB][MAIN] MongoDB] * | ok: [localhost] => { | "msg": [ | "Entering on Main:", | " Mode: provision", | " State: present", | " Plan: ephemeral" | ] | } | | TASK [prometheus-apb : [PROMETHEUS APB][MAIN] Deploying Prometheus] **** | included: /opt/ansible/roles/prometheus-apb/tasks/prometheus.yml for localhost | | TASK [prometheus-apb : [PROMETHEUS][PROVISION] Set to present the Prometheus ServiceAccount] * | changed: [localhost] | | TASK [prometheus-apb : [PROMETHEUS][PROVISION] Recover secret name] **** | skipping: [localhost] => (item={u'kind': None, u'name': u'prometheus-dockercfg-t75q5', u'namespace': None, u'resource_version': None, u'field_path': None, u'api_version': None, u'uid': None}) | ok: [localhost] => (item={u'kind': None, u'name': u'prometheus-token-svmnp', u'namespace': None, u'resource_version': None, u'field_path': None, u'api_version': None, u'uid': None}) | | TASK [prometheus-apb : [PROMETHEUS][PROVISION] Recovering Service Account token] * | ok: [localhost] | | TASK [prometheus-apb : [PROMETHEUS][PROVISION] Creating a fact with the secret token of Service Account] | ok: [localhost] | | TASK [prometheus-apb : [PROMETHEUS][PROVISION] Set to present RoleBinding for Service Account] | fatal: [localhost]: FAILED! => {"changed": false, "error": 403, "msg": "Failed to retrieve requested object: rolebindings.rbac.authorization.k8s.io \"prometheus-view\" is forbidden: User \"system:serviceaccount:dh-prometheus-apb-prov-spprs:bundle-ed74d1b6-e96f-40c1-acb6-d12ed9148981\" cannot get rolebindings.rbac.authorization.k8s.io in the namespace \"foobar\": User \"system:serviceaccount:dh-prometheus-apb-prov-spprs:bundle-ed74d1b6-e96f-40c1-acb6-d12ed9148981\" cannot get rolebindings.rbac.authorization.k8s.io in project \"foobar\""} | | PLAY RECAP ***** | localhost : ok=6 changed=1 unreachable=0 failed=1