I installed jaeger-operator (1.17.0) using the helm chart jaegertracing/jaeger-operator v2.14.2 on Openshift 3.11. After the installation we were facing the following error:
42:59Z" level=warning msg="could not create ServiceMonitor object" error="servicemonitors.monitoring.coreos.com \"jaeger-operator-metrics\" is forbidden: cannot set blockOwnerDeletion if an ownerReference refers to a resource you can't set finalizers on: no RBAC policy matched, "
naseemkullah
commented
4 years ago
I installed jaeger-operator (1.17.0) using the helm chart jaegertracing/jaeger-operator v2.14.2 on Openshift 3.11. After the installation we were facing the following error:
42:59Z" level=warning msg="could not create ServiceMonitor object" error="servicemonitors.monitoring.coreos.com \"jaeger-operator-metrics\" is forbidden: cannot set blockOwnerDeletion if an ownerReference refers to a resource you can't set finalizers on: no RBAC policy matched,"
Looks like a bug in the helm chart template role.yaml where services/finalizers is missing(https://github.com/jaegertracing/helm-charts/blob/master/charts/jaeger-operator/templates/role.yaml). I've tested this by patching the Clusterrole created by the Helm chart and adding the permission services/finalizers. After this modification the error is gone.
Furthermore I noticed that this specific permission is defined in the jaegertracing/jaeger-operator repo: https://github.com/jaegertracing/jaeger-operator/blob/master/deploy/cluster_role.yaml
**Running on: openshift v3.11.219 kubernetes v1.11.0+d4cacc0 **