rocketmq-operator service account issue with regards to locking configmaps

[pmontagna]

The issue tracker is ONLY used for the bug report(feature request need to follow RIP process). Keep in mind, please check whether there is an existing same report before you raise a new one.

Alternately (especially if your communication is not a bug report), you can send mail to our mailing lists. We welcome any friendly suggestions, bug fixes, collaboration and other improvements.

Please ensure that your bug report is clear and that it is complete. Otherwise, we may be unable to understand it or to reproduce it, either of which would prevent us from fixing the bug. We strongly recommend the report(bug report or feature request) could include some hints as the following:

BUG REPORT

1. Please describe the issue you observed: I am having an issue with leader election concerning the locking of configmap resource because of the following error: E0824 18:51:10.020084 1 leaderelection.go:330] error retrieving resource lock event-mesh/2516c052.apache.org: configmaps "2516c052.apache.org" is forbidden: User "system:serviceaccount:event-mesh:rocketmq-operator" cannot get resource "configmaps" in API group "" in the namespace "event-mesh" However when I look at the clusterrole/rocketmq-operator I see that it has the correct permissions. See below: Name: rocketmq-operator Labels: Annotations: PolicyRule: Resources Non-Resource URLs Resource Names Verbs

   ---

   configmaps [] [] [create delete get list patch update watch] Forbidden means a serviceaccount permission issue. Is there a permission I am missing?

• What did you expect to see? The cluster running:
• What did you see instead? No cluster
  2. Please tell us about your environment: 6-node kubernetes cluster running on Rancher with enough CPU and Memory to run rocketmq-operator and several rocketmq clusters.
  3. Other information (e.g. detailed explanation, logs, related issues, suggestions how to fix, etc):

cluster-create.log

[pmontagna]

Fix is to add namespace to service_accounts.yaml. Results in a running cluster: NAME READY STATUS RESTARTS AGE broker-0-master-0 1/1 Running 0 79s broker-0-replica-1-0 1/1 Running 0 79s console-7696c8b4d8-q8jfx 1/1 Running 0 79s name-service-0 1/1 Running 0 92s rocketmq-operator-96b99b7f6-gsstw 1/1 Running 0 4m47s