mittwald / kubernetes-secret-generator

Kubernetes controller for automatically generating and updating secrets
Apache License 2.0

Permissions for OwnerReferencesPermissionEnforcement plugin #86

Open OleksandrShtepa opened 1 year ago

OleksandrShtepa commented 1 year ago

Describe the bug

In OKD, the OwnerReferencesPermissionEnforcement plugin is enabled by default. I got the following error after attempting to create a Secret with the StringSecret CRD:

{"level":"info","ts":1685956649.2009747,"logger":"controller_string_secret","msg":"Reconciling StringSecret","Request.Namespace":"test","Request.Name":"test"}
{"level":"error","ts":1685956649.2061837,"logger":"controller-runtime.controller","msg":"Reconciler error","controller":"stringsecret-controller","request":"test/test","error":"secrets \"test\" is forbidden: cannot set blockOwnerDeletion if an ownerReference refers to a resource you can't set finalizers on: , <nil>","stacktrace":"github.com/go-logr/zapr.(*zapLogger).Error\n\t/home/runner/go/pkg/mod/github.com/go-logr/zapr@v0.1.1/zapr.go:128\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\t/home/runner/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.4.0/pkg/internal/controller/controller.go:258\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/home/runner/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.4.0/pkg/internal/controller/controller.go:232\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).worker\n\t/home/runner/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.4.0/pkg/internal/controller/controller.go:211\nk8s.io/apimachinery/pkg/util/wait.JitterUntil.func1\n\t/home/runner/go/pkg/mod/k8s.io/apimachinery@v0.0.0-20191004115801-a2eda9f80ab8/pkg/util/wait/wait.go:152\nk8s.io/apimachinery/pkg/util/wait.JitterUntil\n\t/home/runner/go/pkg/mod/k8s.io/apimachinery@v0.0.0-20191004115801-a2eda9f80ab8/pkg/util/wait/wait.go:153\nk8s.io/apimachinery/pkg/util/wait.Until\n\t/home/runner/go/pkg/mod/k8s.io/apimachinery@v0.0.0-20191004115801-a2eda9f80ab8/pkg/util/wait/wait.go:88"}

This error is like this one in Operator SDK.

Environment:

Additional context

I have fixed this error for myself with this patch:

+   - apiGroups:
+         - secretgenerator.mittwald.de
+     resources:
+       - basicauths/finalizers
+       - sshkeypairs/finalizers
+       - stringsecrets/finalizers
+     verbs:
+       - update
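
Review bot: The added rule carries no file header or surrounding context, so from the `- apiGroups:` line onward it is not clear which Role or ClusterRole receives it; the change should name the manifest, and the rule has to sit in the role bound to the controller's service account for the `blockOwnerDeletion` check in the log above to pass. The entry under `apiGroups:` is indented two spaces deeper than the entries under `resources:` and `verbs:`; it still parses, but aligning the three lists keeps the rule consistent. Restricting the rule to `update` on the `basicauths/finalizers`, `sshkeypairs/finalizers` and `stringsecrets/finalizers` subresources is appropriately narrow, and no wider verb or resource should be added alongside it.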