Closed gberche-orange closed 4 months ago
Workaround for a crossplane installation in the namespace 70-crossplane
was for me to apply the following resources:
```yaml
---
apiVersion: pkg.crossplane.io/v1alpha1
kind: ControllerConfig
metadata:
  annotations:
  labels:
  name: crossplane-provider-upbound-controller-config
spec:
  args:
    - --debug
  podSecurityContext: {}
  securityContext: {}
  # Run the provider pod under the ServiceAccount defined below
  serviceAccountName: crossplane-provider-upbound-gcp
---
apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
  name: upbound-provider-gcp
  namespace: 70-crossplane
spec:
  controllerConfigRef:
    name: crossplane-provider-upbound-controller-config
  package: xpkg.upbound.io/upbound/provider-gcp:v0.20.0
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: crossplane-provider-upbound-gcp
  namespace: 70-crossplane
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: crossplane-provider-upbound-gcp
rules:
  - apiGroups:
      - compute.gcp.upbound.io
      - dialogflowcx.gcp.upbound.io
      - monitoring.gcp.upbound.io
      - appengine.gcp.upbound.io
      - storage.gcp.upbound.io
      - privateca.gcp.upbound.io
      - containerazure.gcp.upbound.io
      - container.gcp.upbound.io
      - containeraws.gcp.upbound.io
      - bigquery.gcp.upbound.io
      - servicenetworking.gcp.upbound.io
      - healthcare.gcp.upbound.io
      - essentialcontacts.gcp.upbound.io
      - kms.gcp.upbound.io
      - spanner.gcp.upbound.io
      - sql.gcp.upbound.io
      - identityplatform.gcp.upbound.io
      - cloudrun.gcp.upbound.io
      - datacatalog.gcp.upbound.io
      - composer.gcp.upbound.io
      - notebooks.gcp.upbound.io
      - cloudplatform.gcp.upbound.io
      - cloudfunctions.gcp.upbound.io
      - filestore.gcp.upbound.io
      - redis.gcp.upbound.io
      - cloudscheduler.gcp.upbound.io
      - dataflow.gcp.upbound.io
      - pubsub.gcp.upbound.io
      - dns.gcp.upbound.io
      - gkehub.gcp.upbound.io
      - containeranalysis.gcp.upbound.io
      - osconfig.gcp.upbound.io
      - gcp.upbound.io
      - cloudtasks.gcp.upbound.io
      - firebaserules.gcp.upbound.io
      - sourcerepo.gcp.upbound.io
      - secretmanager.gcp.upbound.io
      - oslogin.gcp.upbound.io
      - eventarc.gcp.upbound.io
      - iap.gcp.upbound.io
    resources:
      - '*'
      # update on the finalizers subresource is what
      # OwnerReferencesPermissionEnforcement checks before
      # blockOwnerDeletion may be set on an ownerReference
      - '*/finalizers'
    verbs:
      - get
      - list
      - watch
      - update
      - patch
      - create
  # Every verb on these core resources, cluster-wide via the binding below
  - apiGroups:
      - ""
      - coordination.k8s.io
    resources:
      - secrets
      - configmaps
      - events
      - leases
    verbs:
      - '*'
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: crossplane-provider-upbound-gcp
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: crossplane-provider-upbound-gcp
subjects:
  - kind: ServiceAccount
    name: crossplane-provider-upbound-gcp
    namespace: 70-crossplane
```
---
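An added example, not part of the comment above and not Kubernetes or Crossplane code: a simplified RBAC rule matcher that checks whether a role grants `update` on an owner's `finalizers` subresource (the permission OwnerReferencesPermissionEnforcement requires for `blockOwnerDeletion`) and flags rules that grant every verb on Secrets. The `buckets` resource, the `NARROW_RULES` role and all function names are assumptions made for illustration.

```python
# Added example: simplified RBAC rule evaluation, not Kubernetes or Crossplane code.
def resource_matches(rule_resources, resource, subresource=""):
    """RBAC resource matching: '*', exact 'res/sub', or '*/sub'."""
    wanted = f"{resource}/{subresource}" if subresource else resource
    for entry in rule_resources:
        if entry in ("*", wanted) or (subresource and entry == f"*/{subresource}"):
            return True
    return False

def allows(rules, verb, group, resource, subresource=""):
    """True if any rule grants verb on group/resource[/subresource]."""
    for rule in rules:
        if not {"*", group} & set(rule["apiGroups"]):
            continue
        if not {"*", verb} & set(rule["verbs"]):
            continue
        if resource_matches(rule["resources"], resource, subresource):
            return True
    return False

def can_block_owner_deletion(rules, group, resource):
    """OwnerReferencesPermissionEnforcement requires update on the owner's
    finalizers subresource before blockOwnerDeletion may be set."""
    return allows(rules, "update", group, resource, "finalizers")

def wildcard_rules_on(rules, resource):
    """Indexes of rules granting every verb on a resource (least-privilege review)."""
    return [i for i, r in enumerate(rules)
            if "*" in r["verbs"] and resource_matches(r["resources"], resource)]

# Constructed sample: the ClusterRole from the comment above, API groups abbreviated.
WORKAROUND_RULES = [
    {"apiGroups": ["storage.gcp.upbound.io", "gcp.upbound.io"],
     "resources": ["*", "*/finalizers"],
     "verbs": ["get", "list", "watch", "update", "patch", "create"]},
    {"apiGroups": ["", "coordination.k8s.io"],
     "resources": ["secrets", "configmaps", "events", "leases"],
     "verbs": ["*"]},
]
# Constructed sample: a hypothetical role that names the resource but not its finalizers.
NARROW_RULES = [
    {"apiGroups": ["storage.gcp.upbound.io"], "resources": ["buckets"],
     "verbs": ["get", "list", "watch", "update", "patch", "create"]},
]

if __name__ == "__main__":
    print(can_block_owner_deletion(WORKAROUND_RULES, "storage.gcp.upbound.io", "buckets"),
          can_block_owner_deletion(NARROW_RULES, "storage.gcp.upbound.io", "buckets"))
```

On a live cluster, `kubectl auth can-i` with `--as=system:serviceaccount:<namespace>:<name>` and the `--subresource` flag answers the same question against the API server's real authorizer.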
This provider repo does not have enough maintainers to address every issue. Since there has been no activity in the last 90 days it is now marked as stale. It will be closed in 14 days if no further activity occurs. Leaving a comment starting with /fresh will mark this issue as not stale.
This issue is being closed since there has been no activity for 14 days since marking it as stale. If you still need help, feel free to comment or reopen the issue!
What happened?

Trying to use the upbound/provider-gcp provider on OpenShift 4.10, where the k8s api plugin OwnerReferencesPermissionEnforcement is turned on by default, the MR never reconciles and displays the following error message

This seems quite similar to https://github.com/crossplane/crossplane/issues/3443

How can we reproduce it?

Turn on the OwnerReferencesPermissionEnforcement plugin (see https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#ownerreferencespermissionenforcement) in the k8s cluster running upbound/provider-gcp provider integration tests

What environment did it happen in?