search

lightbend / cloudflow-helm-charts

Cloudflow Helm repository
Apache License 2.0
0 stars 8 forks source link

User "system:serviceaccount:cloudflow:cloudflow-operator" cannot create resource "customresourcedefinitions" in API group "apiextensions.k8s.io" at the cluster scope. #25

Open ycrxun opened 3 years ago

ycrxun commented 3 years ago 
helm install cloudflow cloudflow-helm-charts/cloudflow --namespace cloudflow \
  --version "2.2.2" \
  --set kafkaClusters.default.bootstrapServers=cloudflow-strimzi-kafka-bootstrap.cloudflow:9092
2021-09-09 12:31:20,166 INFO  [ActorSystemImpl] - Bound to /0:0:0:0:0:0:0:0:5001.
2021-09-09 12:31:26,269 INFO  [ActorSystemImpl] - Connected to Kubernetes cluster 
2021-09-09 12:31:32,178 ERROR [ActorSystemImpl] - Unexpected error starting cloudflow operator, terminating.
io.fabric8.kubernetes.client.KubernetesClientException: Failure executing: POST at: https://10.43.0.1/apis/apiextensions.k8s.io/v1beta1/customresourcedefinitions. Message: Forbidden!Configured service account doesn't have access. Service account may have been revoked. customresourcedefinitions.apiextensions.k8s.io is forbidden: User "system:serviceaccount:cloudflow:cloudflow-operator" cannot create resource "customresourcedefinitions" in API group "apiextensions.k8s.io" at the cluster scope.
    at io.fabric8.kubernetes.client.dsl.base.OperationSupport.requestFailure(OperationSupport.java:570)
    at io.fabric8.kubernetes.client.dsl.base.OperationSupport.assertResponseCode(OperationSupport.java:507)
    at io.fabric8.kubernetes.client.dsl.base.OperationSupport.handleResponse(OperationSupport.java:474)
    at io.fabric8.kubernetes.client.dsl.base.OperationSupport.handleResponse(OperationSupport.java:435)
    at io.fabric8.kubernetes.client.dsl.base.OperationSupport.handleCreate(OperationSupport.java:250)
    at io.fabric8.kubernetes.client.dsl.base.BaseOperation.handleCreate(BaseOperation.java:871)
    at io.fabric8.kubernetes.client.dsl.base.BaseOperation.create(BaseOperation.java:366)
    at io.fabric8.kubernetes.client.dsl.base.BaseOperation.create(BaseOperation.java:85)
    at cloudflow.operator.Main$.checkCRD(Main.scala:153)
    at cloudflow.operator.Main$.main(Main.scala:61)
    at cloudflow.operator.Main.main(Main.scala)
RayRoestenburg commented 3 years ago

You can install the CRD manually (using kubectl, with the right permissions), in that case the operator will not try to create the CRD. The CRD is here: https://github.com/lightbend/cloudflow/blob/main/core/cloudflow-crd/kubernetes/cloudflow-crd.yaml

Just apply it with kubectl apply -f <crd-file>

TheClassAct commented 2 years ago

Hey @RayRoestenburg

Tried above solution but no joy, operator still attempts to create the CRD. Any advice is appreciated thanks