search

instana / instana-agent-operator

A Kubernetes operator to install and manage the Instana agent.
https://www.instana.com
Apache License 2.0
46 stars 21 forks source link

ClusterRoleBinding hardcoded to instana-agent namespace #55

Closed bhepburn closed 2 years ago

bhepburn commented 3 years ago

After installing 1.0.2 of the Instana operator to our OpenShift cluster we were receiving the following error message in the instana-agent logs:

io.fabric8.kubernetes.client.KubernetesClientException: Failure executing: GET at: https://172.21.0.1/api/v1/namespaces/rhm-mlm/pods/instana-agent-4fksb. Message: Forbidden!Configured service account doesn't have access. Service account may have been revoked. pods "instana-agent-4fksb" is forbidden: User "system:serviceaccount:rhm-mlm:instana-agent" cannot get resource "pods" in API group "" in the namespace "rhm-mlm".

It appears the root cause is due to the ClusterRoleBinding being hardcoded to run in the Instana-agent namespace and we decided to use another namespace in our cluster. https://github.com/instana/instana-agent-operator/blob/d4ea2744370e33c06ac487f6bdbba0b03fd223ea/src/main/resources/instana-agent.clusterrolebinding.yaml#L16

ucfjoe commented 3 years ago

Thanks @bhepburn for your finding, we will check it and get back to you. Regards,

ucfjoe commented 3 years ago

@bhepburn For this version we are limited to use it with instana-agent namespace, However, we started to rewrite our Operator to Golang for improvements and will consider this issue in the upcoming versions.

Thanks.

tkohn commented 2 years ago

Hello @bhepburn,

we released the new operator in December 2021. Have you tried our new operator 2.0.5?