Operator fails to initialize and create Cluster and Topic

[bechhansen]

Describe the bug After updating from v0.16.1 to v0.18.0 the operator does not fully initialize and therefor it does not create Cluster or Topics.

Steps to reproduce the issue: For this application we do not use the Helm chart from the 'banzaicloud-stable' helm repo, but we download the helm chart from https://github.com/banzaicloud/koperator/tree/master/charts/kafka-operator. The reason for this is that the application must be deployable in an offline environment.

When the operator starts we get this error: E0901 10:19:16.734970 1 reflector.go:138] pkg/mod/k8s.io/client-go@v0.21.3/tools/cache/reflector.go:167: Failed to watch *v1.CertificateSigningRequest: failed to list *v1.CertificateSigningRequest: certificatesigningrequests.certificates.k8s.io is forbidden: User "system:serviceaccount:default:kafka-operator" cannot list resource "certificatesigningrequests" in API group "certificates.k8s.io" at the cluster scope

Expected behavior As this is only an update from v0.16.1 I expect the same Cluster and Topics to be available after the update.

Additional context Operator version: v0.18.0 Kubernetes: k3s v1.19.7-k3s1

Error log from the operator: I0901 10:19:01.191607 1 request.go:668] Waited for 1.0336699s due to client-side throttling, not priority and fairness, request: GET:https://10.43.0.1:443/apis/coordination.k8s.io/v1beta1?timeout=32s {"level":"info","ts":"2021-09-01T10:19:01.389Z","logger":"controller-runtime.metrics","msg":"metrics server is starting to listen","addr":":8080"} {"level":"info","ts":"2021-09-01T10:19:01.389Z","logger":"setup","msg":"starting manager"} I0901 10:19:01.390212 1 leaderelection.go:243] attempting to acquire leader lease default/controller-leader-election-helper... {"level":"info","ts":"2021-09-01T10:19:01.390Z","logger":"controller-runtime.manager","msg":"starting metrics server","path":"/metrics"} I0901 10:19:16.730414 1 leaderelection.go:253] successfully acquired lease default/controller-leader-election-helper {"level":"info","ts":"2021-09-01T10:19:16.730Z","logger":"controller-runtime.manager.controller.CruiseControl","msg":"Starting EventSource","reconciler group":"kafka.banzaicloud.io","reconciler kind":"KafkaCluster","source":"kind source: /, Kind="} {"level":"info","ts":"2021-09-01T10:19:16.730Z","logger":"controller-runtime.manager.controller.CruiseControl","msg":"Starting Controller","reconciler group":"kafka.banzaicloud.io","reconciler kind":"KafkaCluster"} {"level":"info","ts":"2021-09-01T10:19:16.730Z","logger":"controller-runtime.manager.controller.KafkaCluster","msg":"Starting EventSource","reconciler group":"kafka.banzaicloud.io","reconciler kind":"KafkaCluster","source":"kind source: /, Kind="} {"level":"info","ts":"2021-09-01T10:19:16.730Z","logger":"controller-runtime.manager.controller.kafkatopic","msg":"Starting EventSource","source":"kind source: /, Kind="} {"level":"info","ts":"2021-09-01T10:19:16.730Z","logger":"controller-runtime.manager.controller.kafkatopic","msg":"Starting Controller"} {"level":"info","ts":"2021-09-01T10:19:16.730Z","logger":"controller-runtime.manager.controller.KafkaCluster","msg":"Starting EventSource","reconciler group":"kafka.banzaicloud.io","reconciler kind":"KafkaCluster","source":"kind source: /, Kind="} {"level":"info","ts":"2021-09-01T10:19:16.730Z","logger":"controller-runtime.manager.controller.KafkaCluster","msg":"Starting EventSource","reconciler group":"kafka.banzaicloud.io","reconciler kind":"KafkaCluster","source":"kind source: /, Kind="} {"level":"info","ts":"2021-09-01T10:19:16.730Z","logger":"controller-runtime.manager.controller.KafkaCluster","msg":"Starting EventSource","reconciler group":"kafka.banzaicloud.io","reconciler kind":"KafkaCluster","source":"kind source: /, Kind="} {"level":"info","ts":"2021-09-01T10:19:16.730Z","logger":"controller-runtime.manager.controller.KafkaCluster","msg":"Starting EventSource","reconciler group":"kafka.banzaicloud.io","reconciler kind":"KafkaCluster","source":"kind source: /, Kind="} {"level":"info","ts":"2021-09-01T10:19:16.730Z","logger":"controller-runtime.manager.controller.KafkaCluster","msg":"Starting EventSource","reconciler group":"kafka.banzaicloud.io","reconciler kind":"KafkaCluster","source":"kind source: /, Kind="} {"level":"info","ts":"2021-09-01T10:19:16.730Z","logger":"controller-runtime.manager.controller.KafkaCluster","msg":"Starting EventSource","reconciler group":"kafka.banzaicloud.io","reconciler kind":"KafkaCluster","source":"kind source: /, Kind="} {"level":"info","ts":"2021-09-01T10:19:16.730Z","logger":"controller-runtime.manager.controller.KafkaUser","msg":"Starting EventSource","reconciler group":"kafka.banzaicloud.io","reconciler kind":"KafkaUser","source":"kind source: /, Kind="} {"level":"info","ts":"2021-09-01T10:19:16.730Z","logger":"controller-runtime.manager.controller.KafkaCluster","msg":"Starting EventSource","reconciler group":"kafka.banzaicloud.io","reconciler kind":"KafkaCluster","source":"kind source: /, Kind="} {"level":"info","ts":"2021-09-01T10:19:16.730Z","logger":"controller-runtime.manager.controller.KafkaUser","msg":"Starting EventSource","reconciler group":"kafka.banzaicloud.io","reconciler kind":"KafkaUser","source":"kind source: /, Kind="} {"level":"info","ts":"2021-09-01T10:19:16.730Z","logger":"controller-runtime.manager.controller.KafkaUser","msg":"Starting Controller","reconciler group":"kafka.banzaicloud.io","reconciler kind":"KafkaUser"} {"level":"info","ts":"2021-09-01T10:19:16.730Z","logger":"controller-runtime.manager.controller.KafkaCluster","msg":"Starting EventSource","reconciler group":"kafka.banzaicloud.io","reconciler kind":"KafkaCluster","source":"kind source: /, Kind="} {"level":"info","ts":"2021-09-01T10:19:16.730Z","logger":"controller-runtime.manager.controller.KafkaCluster","msg":"Starting EventSource","reconciler group":"kafka.banzaicloud.io","reconciler kind":"KafkaCluster","source":"kind source: /, Kind="} {"level":"info","ts":"2021-09-01T10:19:16.730Z","logger":"controller-runtime.manager.controller.KafkaCluster","msg":"Starting EventSource","reconciler group":"kafka.banzaicloud.io","reconciler kind":"KafkaCluster","source":"kind source: /, Kind="} {"level":"info","ts":"2021-09-01T10:19:16.730Z","logger":"controller-runtime.manager.controller.KafkaCluster","msg":"Starting EventSource","reconciler group":"kafka.banzaicloud.io","reconciler kind":"KafkaCluster","source":"kind source: /, Kind="} {"level":"info","ts":"2021-09-01T10:19:16.730Z","logger":"controller-runtime.manager.controller.KafkaCluster","msg":"Starting Controller","reconciler group":"kafka.banzaicloud.io","reconciler kind":"KafkaCluster"} E0901 10:19:16.734970 1 reflector.go:138] pkg/mod/k8s.io/client-go@v0.21.3/tools/cache/reflector.go:167: Failed to watch *v1.CertificateSigningRequest: failed to list *v1.CertificateSigningRequest: certificatesigningrequests.certificates.k8s.io is forbidden: User "system:serviceaccount:default:kafka-operator" cannot list resource "certificatesigningrequests" in API group "certificates.k8s.io" at the cluster scope E0901 10:19:17.783874 1 reflector.go:138] pkg/mod/k8s.io/client-go@v0.21.3/tools/cache/reflector.go:167: Failed to watch *v1.CertificateSigningRequest: failed to list *v1.CertificateSigningRequest: certificatesigningrequests.certificates.k8s.io is forbidden: User "system:serviceaccount:default:kafka-operator" cannot list resource "certificatesigningrequests" in API group "certificates.k8s.io" at the cluster scope E0901 10:19:20.056478 1 reflector.go:138] pkg/mod/k8s.io/client-go@v0.21.3/tools/cache/reflector.go:167: Failed to watch *v1.CertificateSigningRequest: failed to list *v1.CertificateSigningRequest: certificatesigningrequests.certificates.k8s.io is forbidden: User "system:serviceaccount:default:kafka-operator" cannot list resource "certificatesigningrequests" in API group "certificates.k8s.io" at the cluster scope E0901 10:19:23.608830 1 reflector.go:138] pkg/mod/k8s.io/client-go@v0.21.3/tools/cache/reflector.go:167: Failed to watch *v1.CertificateSigningRequest: failed to list *v1.CertificateSigningRequest: certificatesigningrequests.certificates.k8s.io is forbidden: User "system:serviceaccount:default:kafka-operator" cannot list resource "certificatesigningrequests" in API group "certificates.k8s.io" at the cluster scope E0901 10:19:32.116261 1 reflector.go:138] pkg/mod/k8s.io/client-go@v0.21.3/tools/cache/reflector.go:167: Failed to watch *v1.CertificateSigningRequest: failed to list *v1.CertificateSigningRequest: certificatesigningrequests.certificates.k8s.io is forbidden: User "system:serviceaccount:default:kafka-operator" cannot list resource "certificatesigningrequests" in API group "certificates.k8s.io" at the cluster scope E0901 10:19:52.139532 1 reflector.go:138] pkg/mod/k8s.io/client-go@v0.21.3/tools/cache/reflector.go:167: Failed to watch *v1.CertificateSigningRequest: failed to list *v1.CertificateSigningRequest: certificatesigningrequests.certificates.k8s.io is forbidden: User "system:serviceaccount:default:kafka-operator" cannot list resource "certificatesigningrequests" in API group "certificates.k8s.io" at the cluster scope E0901 10:20:24.694177 1 reflector.go:138] pkg/mod/k8s.io/client-go@v0.21.3/tools/cache/reflector.go:167: Failed to watch *v1.CertificateSigningRequest: failed to list *v1.CertificateSigningRequest: certificatesigningrequests.certificates.k8s.io is forbidden: User "system:serviceaccount:default:kafka-operator" cannot list resource "certificatesigningrequests" in API group "certificates.k8s.io" at the cluster scope {"level":"error","ts":"2021-09-01T10:21:16.731Z","logger":"controller-runtime.manager.controller.kafkatopic","msg":"Could not wait for Cache to sync","error":"failed to wait for kafkatopic caches to sync: timed out waiting for cache to be synced","stacktrace":"sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.9.3/pkg/internal/controller/controller.go:195\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.9.3/pkg/internal/controller/controller.go:221\nsigs.k8s.io/controller-runtime/pkg/manager.(*controllerManager).startRunnable.func1\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.9.3/pkg/manager/internal.go:696"}

[bechhansen]

I tried to updating from v0.16.1 to v0.17.0 and apparently v0.17.0 does not have this issue.

[baluchicken]

Hi @bechhansen thanks for opening this issue. We are aware of the error and the fix is already merged into the master expect a new path release soon for v0.18.0. This is the duplicate of #651 #656

[adamantal]

v0.18.1 is out. Closing this issue.