search

lsst-sqre / strimzi-registry-operator

A Kubernetes Operator for running the Confluent Schema Registry with a Strimzi-based Kafka cluster
MIT License
81 stars 17 forks source link

Operator in CrashLoopBack off #31

Closed Sai-Charan-Madhvaraj closed 2 years ago

Sai-Charan-Madhvaraj commented 2 years ago 

 [2022-05-10 14:18:43,288] kopf.clients.auth    [DEBUG   ] Pykube is configured in cluster with service account.
[2022-05-10 14:18:43,314] kopf.clients.auth    [DEBUG   ] Client is configured in cluster with service account.
[2022-05-10 14:18:43,454] kopf.reactor.running [ERROR   ] Root task 'watcher of secrets.' is failed: HTTPError('403 Client Error: Forbidden for url: https://10.1.0.1:443/api/v1/namespaces/events/secrets')
[2022-05-10 14:18:43,454] kopf.reactor.running [ERROR   ] Root task 'watcher of strimzischemaregistries.roundtable.lsst.codes' is failed: HTTPError('403 Client Error: Forbidden for url: https://10.1.0.1:443/apis/roundtable.lsst.codes/v1beta1/namespaces/events/strimzischemaregistries')
[2022-05-10 14:18:43,454] kopf.reactor.running [DEBUG   ] Root task 'poster of events' is cancelled.
[2022-05-10 14:18:43,454] kopf.reactor.running [DEBUG   ] Root tasks are stopped: finished normally; tasks left: set()
[2022-05-10 14:18:43,454] kopf.reactor.running [DEBUG   ] Hung tasks stopping is skipped: no tasks given.
Exception when calling CustomObjectsApi->list_namespaced_custom_object: (403)
Reason: Forbidden
HTTP response headers: HTTPHeaderDict({'Audit-Id': 'd4fdd21a-dda4-43c4-af0e-3eee3fdfd812', 'Cache-Control': 'no-cache, private', 'Content-Type': 'application/json', 'X-Content-Type-Options': 'nosniff', 'X-Kubernetes-Pf-Flowschema-Uid': '3bb8fad8-96d0-4f18-9dbc-72c44d43e14a', 'X-Kubernetes-Pf-Prioritylevel-Uid': '3bbd3f6a-ab95-411b-9204-c9714c6adbf4', 'Date': 'Tue, 10 May 2022 14:18:43 GMT', 'Content-Length': '433'})
HTTP response body: {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"strimzischemaregistries.roundtable.lsst.codes is forbidden: User \"system:serviceaccount:my-ns:strimzi-registry-operator\" cannot list resource \"strimzischemaregistries\" in API group \"roundtable.lsst.codes\" in the namespace \"events\"","reason":"Forbidden","details":{"group":"roundtable.lsst.codes","kind":"strimzischemaregistries"},"code":403}
Sai-Charan-Madhvaraj commented 2 years ago

i am trying to run the operator in namespace "my-ns" and added the namespace in all manifests but not sure why its trying to look for resources in "events" namespace ?

Sai-Charan-Madhvaraj commented 2 years ago

i see we need to add SSR_CLUSTER_NAME and SSR_NAMESPACE as env to fix. could the documentation be updated with these please

jonathansick commented 2 years ago

@Sai-Charan-Madhvaraj That's a good point. We originally built this for a specific project, but recently generalized it, but we haven't really gone through the docs. Will do.

jonathansick commented 2 years ago

@Sai-Charan-Madhvaraj We've updated the README to cover these configurations. Let us know if we need to improve things more.

Sai-Charan-Madhvaraj commented 2 years ago

Thank you @jonathansick , Looks good to me.