search

kubernetes-sigs / cluster-api

Home for Cluster API, a subproject of sig-cluster-lifecycle
https://cluster-api.sigs.k8s.io
Apache License 2.0
3.58k stars 1.32k forks source link

clusterctl: filter out cert-manager-leaderelection ClusterRoleBinding #2928

Closed ncdc closed 4 years ago

ncdc commented 4 years ago

What steps did you take and what happened:

  1. Create a management cluster with clusterctl
  2. Try to back it up using Velero
  3. Backup fails because it can't find cert-manager-leaderelection (Velero tries to back up all referenced roles)

What did you expect to happen:

  1. No failure

Anything else you would like to add: https://github.com/jetstack/cert-manager/pull/2207 removed the cert-manager-leaderelection ClusterRoleBinding (there is another ClusterRoleBinding with a slightly different name that fulfills the same intent and actually works).

We should probably add code to the cert manager part of clusterctl that just filters out this ClusterRoleBinding by name when converting the bindata assets back to objects.

/kind bug /help

k8s-ci-robot commented 4 years ago

@ncdc: This request has been marked as needing help from a contributor.

Please ensure the request meets the requirements listed here.

If this request no longer meets these requirements, the label can be removed by commenting with the /remove-help command.

In response to [this](https://github.com/kubernetes-sigs/cluster-api/issues/2928): >**What steps did you take and what happened:** >1. Create a management cluster with clusterctl >1. Try to back it up using Velero >1. Backup fails because it can't find cert-manager-leaderelection (Velero tries to back up all referenced roles) > > >**What did you expect to happen:** >1. No failure > >**Anything else you would like to add:** >https://github.com/jetstack/cert-manager/pull/2207 removed the cert-manager-leaderelection ClusterRoleBinding (there is another ClusterRoleBinding with a slightly different name that fulfills the same intent and actually works). > >We should probably add code to the cert manager part of clusterctl that just filters out this ClusterRoleBinding by name when converting the bindata assets back to objects. > >/kind bug >/help Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.
wfernandes commented 4 years ago

/assign /lifecycle active

vincepri commented 4 years ago

/milestone v0.3.x

wfernandes commented 4 years ago

Was able to repro this issue: $ velero backup logs wff-test-velero-backup1 | grep -v level=info

time="2020-04-17T20:47:34Z" level=error msg="Error backing up item" backup=velero/wff-test-velero-backup1 error="clusterroles.rbac.authorization.k8s.io \"cert-manager-leaderelection\" not found" error.file="/go/src/github.com/vmware-tanzu/velero/pkg/backup/item_backupper.go:351" error.function="github.com/vmware-tanzu/velero/pkg/backup.(*defaultItemBackupper).executeActions" group=v1 logSource="pkg/backup/resource_backupper.go:287" name=cert-manager namespace= resource=serviceaccounts

fabriziopandini commented 4 years ago

What about having a local copy of the cert-manager manifest (instead of curl every time we build generate bin data)?