I'm working with a namespace of "kafka" and a cluster named "alert-broker". As a result, my strimzi-registry-operator is crash looping with an auth error:
Reason: Forbidden
HTTP response headers: HTTPHeaderDict({'Audit-Id': '5fb4d27a-dc51-4426-ad97-8a0779c67aa4', 'Cache-Control': 'no-cache, private', 'Content-Type': 'application/json', 'X-Content-Type-Options': 'nosniff', 'X-Kubernetes-Pf-Flowschema-Uid': '82ffa779-dd6e-4979-9073-6d6527a12a67', 'X-Kubernetes-Pf-Prioritylevel-Uid': '7ab3ebaf-3c64-43ed-accc-590d562d6d4d', 'Date': 'Wed, 20 Oct 2021 16:32:35 GMT', 'Content-Length': '429'})
HTTP response body: {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"strimzischemaregistries.roundtable.lsst.codes is forbidden: User \"system:serviceaccount:kafka:strimzi-registry-operator\" cannot list resource \"strimzischemaregistries\" in API group \"roundtable.lsst.codes\" in the namespace \"events\"","reason":"Forbidden","details":{"group":"roundtable.lsst.codes","kind":"strimzischemaregistries"},"code":403}
Highlighting the relevant bit:
strimzischemaregistries.roundtable.lsst.codes is forbidden: User "system:serviceaccount:kafka:strimzi-registry-operator" cannot list resource "strimzischemaregistries" in API group "roundtable.lsst.codes" in the namespace "events"
As the todo notes, this ought to be configurable so the operator can be used with different namespaces and broker names.
state.py
hardcodes the Kafka broker name and namespace to be "events": https://github.com/lsst-sqre/strimzi-registry-operator/blob/652abb9a9f87f57f4e1182dfa06322e1f89b0026/strimziregistryoperator/state.py#L4-L14I'm working with a namespace of "kafka" and a cluster named "alert-broker". As a result, my strimzi-registry-operator is crash looping with an auth error:
Highlighting the relevant bit:
As the todo notes, this ought to be configurable so the operator can be used with different namespaces and broker names.