Closed badal773 closed 2 months ago
❌ There was a problem linking to Azure Boards work item(s):
Please check the IDs and try again using the AB# syntax. Learn more
❌ There was a problem linking to Azure Boards work item(s):
Please check the IDs and try again using the AB# syntax. Learn more
📜 Description
We are currently using an OpenShift environment where pods are granted permissions based on the attached service account. However, the app-manual-sync-job does not have a service account attached and the job is initiated or triggered from the backend , causing it to fail due to insufficient permissions.
app-manual-sync-job-dgknh: {"level":"error","ts":1717654271.253899,"caller":"pkg/RepoManager.go:186","msg":"error in registry login, RegistryLogin","DockerArtifactStoreId":"harbor","err":"mkdir /.config: permission denied","stacktrace":"github.com/devtron-labs/chart-sync/pkg.(*HelmRepoManagerImpl).RegistryLogin\n\t/go/src/github.com/devtron-labs/chart-sync/pkg/RepoManager.go:186\ngithub.com/devtron-labs/chart-sync/pkg.(*SyncServiceImpl).syncOCIRepo\n\t/go/src/github.com/devtron-labs/chart-sync/pkg/SyncService.go:165\ngithub.com/devtron-labs/chart-sync/pkg.(*SyncServiceImpl).Sync\n\t/go/src/github.com/devtron-labs/chart-sync/pkg/SyncService.go:102\nmain.(*App).Start\n\t/go/src/github.com/devtron-labs/chart-sync/App.go:26\nmain.main\n\t/go/src/github.com/devtron-labs/chart-sync/main.go:12\nruntime.main\n\t/usr/local/go/src/runtime/proc.go:250"}
👟 Reproduction steps
👍 Expected behavior
The
app-manual-sync-job
should have a service account attached, ensuring it has the necessary permissions to run successfully.👎 Actual Behavior
The job is failing because no service account is attached, leading to permission issues.
☸ Kubernetes version
1.23
Cloud provider
🌍 Browser
Chrome
🧱 Your Environment
No response
✅ Proposed Solution
Attach a suitable service account to the app-manual-sync-job to ensure it has the required permissions to execute.
serviceAccountName: chart-sync
If possible, could we obtain a template from the user to include additional security policies and other relevant information?
👀 Have you spent some time to check if this issue has been raised before?
🏢 Have you read the Code of Conduct?
AB#10209