Closed jonathansick closed 2 years ago
@jonathansick Thanks.
apiVersion: roundtable.lsst.codes/v1beta1
kind: StrimziSchemaRegistry
metadata:
name: confluent-schema-registry
spec:
strimziVersion: v1beta2
listener: tls
compatibilityLevel: forward
registryImage: confluentinc/cp-schema-registry
registryImageTag: "7.2.1"
This is my present configuration, though, my pod log still pointing to permission issue. kopf._cogs.clients.errors.APIForbiddenError: ('secrets is forbidden: User "system:serviceaccount:kafka:strimzi-registry-operator" cannot list resource "secrets" in API group "" in the namespace "kafka"', {'kind': 'Status', 'apiVersion': 'v1', 'metadata': {}, 'status': 'Failure', 'message': 'secrets is forbidden: User "system:serviceaccount:kafka:strimzi-registry-operator" cannot list resource "secrets" in API group "" in the namespace "kafka"', 'reason': 'Forbidden', 'details': {'kind': 'secrets'}, 'code': 403}) [2022-10-24 12:19:57,461] kopf._cogs.clients.w [DEBUG ] Stopping the watch-stream for customresourcedefinitions.v1.apiextensions.k8s.io cluster-wide.
We currently hardcode the Schema Registry image version:
https://github.com/lsst-sqre/strimzi-registry-operator/blob/72a2be9919664ba3cb9adf2afa44c987e0e9bd56/strimziregistryoperator/deployments.py#L167
We should develop a pattern for updating this/maintaining this: