search

oceanbase / ob-operator

Kubernetes operator for OceanBase
https://oceanbase.github.io/ob-operator/
Other
146 stars 38 forks source link

[Bug]: 使用kubernete v1.27.2 helm部署ob-operator ,出现 User "system:serviceaccount:publicservice:ob-operator-controller-manager" cannot list resource "backups" in API group "cloud.oceanbase.com" at the cluster scope #61

Closed xlyoung closed 1 year ago

xlyoung commented 1 year ago

Describe the bug

使用helm 部署 ob-operator ,manager报错如下:

image

E0825 10:05:47.016362 1 reflector.go:138] pkg/mod/k8s.io/client-go@v0.22.1/tools/cache/reflector.go:167: Failed to watch v1.Tenant: failed to list v1.Tenant: tenants.cloud.oceanbase.com is forbidden: User "system:serviceaccount:publicservice:ob-operator-controller-manager" cannot list resource "tenants" in API group "cloud.oceanbase.com" at the cluster scope E0825 10:05:47.047356 1 reflector.go:138] pkg/mod/k8s.io/client-go@v0.22.1/tools/cache/reflector.go:167: Failed to watch v1.Restore: failed to list v1.Restore: restores.cloud.oceanbase.com is forbidden: User "system:serviceaccount:publicservice:ob-operator-controller-manager" cannot list resource "restores" in API group "cloud.oceanbase.com" at the cluster scope E0825 10:05:47.201811 1 reflector.go:138] pkg/mod/k8s.io/client-go@v0.22.1/tools/cache/reflector.go:167: Failed to watch v1.Backup: failed to list v1.Backup: backups.cloud.oceanbase.com is forbidden: User "system:serviceaccount:publicservice:ob-operator-controller-manager" cannot list resource "backups" in API group "cloud.oceanbase.com" at the cluster scope E0825 10:05:48.393312 1 reflector.go:138] pkg/mod/k8s.io/client-go@v0.22.1/tools/cache/reflector.go:167: Failed to watch v1.TenantBackup: failed to list v1.TenantBackup: tenantbackups.cloud.oceanbase.com is forbidden: User "system:serviceaccount:publicservice:ob-operator-controller-manager" cannot list resource "tenantbackups" in API group "cloud.oceanbase.com" at the cluster scope E0825 10:05:48.707764 1 reflector.go:138] pkg/mod/k8s.io/client-go@v0.22.1/tools/cache/reflector.go:167: Failed to watch v1.Restore: failed to list v1.Restore: restores.cloud.oceanbase.com is forbidden: User "system:serviceaccount:publicservice:ob-operator-controller-manager" cannot list resource "restores" in API group "cloud.oceanbase.com" at the cluster scope E0825 10:05:49.984304 1 reflector.go:138] pkg/mod/k8s.io/client-go@v0.22.1/tools/cache/reflector.go:167: Failed to watch v1.Tenant: failed to list v1.Tenant: tenants.cloud.oceanbase.com is forbidden: User "system:serviceaccount:publicservice:ob-operator-controller-manager" cannot list resource "tenants" in API group "cloud.oceanbase.com" at the cluster scope E0825 10:05:50.342153 1 reflector.go:138] pkg/mod/k8s.io/client-go@v0.22.1/tools/cache/reflector.go:167: Failed to watch v1.Backup: failed to list v1.Backup: backups.cloud.oceanbase.com is forbidden: User "system:serviceaccount:publicservice:ob-operator-controller-manager" cannot list resource "backups" in API group "cloud.oceanbase.com" at the cluster scope E0825 10:05:53.729373 1 reflector.go:138] pkg/mod/k8s.io/client-go@v0.22.1/tools/cache/reflector.go:167: Failed to watch v1.Restore: failed to list v1.Restore: restores.cloud.oceanbase.com is forbidden: User "system:serviceaccount:publicservice:ob-operator-controller-manager" cannot list resource "restores" in API group "cloud.oceanbase.com" at the cluster scope E0825 10:05:53.821711 1 reflector.go:138] pkg/mod/k8s.io/client-go@v0.22.1/tools/cache/reflector.go:167: Failed to watch v1.TenantBackup: failed to list v1.TenantBackup: tenantbackups.cloud.oceanbase.com is forbidden: User "system:serviceaccount:publicservice:ob-operator-controller-manager" cannot list resource "tenantbackups" in API group "cloud.oceanbase.com" at the cluster scope E0825 10:05:55.396156 1 reflector.go:138] pkg/mod/k8s.io/client-go@v0.22.1/tools/cache/reflector.go:167: Failed to watch v1.Tenant: failed to list v1.Tenant: tenants.cloud.oceanbase.com is forbidden: User "system:serviceaccount:publicservice:ob-operator-controller-manager" cannot list resource "tenants" in API group "cloud.oceanbase.com" at the cluster scope E0825 10:05:56.695090 1 reflector.go:138] pkg/mod/k8s.io/client-go@v0.22.1/tools/cache/reflector.go:167: Failed to watch v1.Backup: failed to list v1.Backup: backups.cloud.oceanbase.com is forbidden: User "system:serviceaccount:publicservice:ob-operator-controller-manager" cannot list resource "backups" in API group "cloud.oceanbase.com" at the cluster scope E0825 10:06:04.554326 1 reflector.go:138] pkg/mod/k8s.io/client-go@v0.22.1/tools/cache/reflector.go:167: Failed to watch v1.TenantBackup: failed to list v1.TenantBackup: tenantbackups.cloud.oceanbase.com is forbidden: User "system:serviceaccount:publicservice:ob-operator-controller-manager" cannot list resource "tenantbackups" in API group "cloud.oceanbase.com" at the cluster scope E0825 10:06:05.043140 1 reflector.go:138] pkg/mod/k8s.io/client-go@v0.22.1/tools/cache/reflector.go:167: Failed to watch v1.Backup: failed to list v1.Backup: backups.cloud.oceanbase.com is forbidden: User "system:serviceaccount:publicservice:ob-operator-controller-manager" cannot list resource "backups" in API group "cloud.oceanbase.com" at the cluster scope E0825 10:06:05.963808 1 reflector.go:138] pkg/mod/k8s.io/client-go@v0.22.1/tools/cache/reflector.go:167: Failed to watch v1.Restore: failed to list v1.Restore: restores.cloud.oceanbase.com is forbidden: User "system:serviceaccount:publicservice:ob-operator-controller-manager" cannot list resource "restores" in API group "cloud.oceanbase.com" at the cluster scope E0825 10:06:06.751226 1 reflector.go:138] pkg/mod/k8s.io/client-go@v0.22.1/tools/cache/reflector.go:167: Failed to watch v1.Tenant: failed to list v1.Tenant: tenants.cloud.oceanbase.com is forbidden: User "system:serviceaccount:publicservice:ob-operator-controller-manager" cannot list resource "tenants" in API group "cloud.oceanbase.com" at the cluster scope E0825 10:06:20.786552 1 reflector.go:138] pkg/mod/k8s.io/client-go@v0.22.1/tools/cache/reflector.go:167: Failed to watch v1.Restore: failed to list v1.Restore: restores.cloud.oceanbase.com is forbidden: User "system:serviceaccount:publicservice:ob-operator-controller-manager" cannot list resource "restores" in API group "cloud.oceanbase.com" at the cluster scope E0825 10:06:24.288853 1 reflector.go:138] pkg/mod/k8s.io/client-go@v0.22.1/tools/cache/reflector.go:167: Failed to watch v1.Tenant: failed to list v1.Tenant: tenants.cloud.oceanbase.com is forbidden: User "system:serviceaccount:publicservice:ob-operator-controller-manager" cannot list resource "tenants" in API group "cloud.oceanbase.com" at the cluster scope E0825 10:06:26.521183 1 reflector.go:138] pkg/mod/k8s.io/client-go@v0.22.1/tools/cache/reflector.go:167: Failed to watch v1.Backup: failed to list v1.Backup: backups.cloud.oceanbase.com is forbidden: User "system:serviceaccount:publicservice:ob-operator-controller-manager" cannot list resource "backups" in API group "cloud.oceanbase.com" at the cluster scope

helm安装命令:

oceanbase

helm install ob-operator oceanbase/ob-operator \
--set image=******/dockerhub/oceanbasedev/ob-operator:1.2.0 \
--namespace publicservice \
--create-namespace

Environment

uname -a image

kubernetes: v1.27.2

image

Fast reproduce steps

helm安装命令:

oceanbase


helm install ob-operator oceanbase/ob-operator \
--set image=******/dockerhub/oceanbasedev/ob-operator:1.2.0 \
--namespace publicservice \
--create-namespace

日志报错如下:
service:ob-operator-controller-manager" cannot list resource "backups" in API group "cloud.oceanbase.com" at the cluster scope
E0825 10:05:53.729373       1 reflector.go:138] pkg/mod/k8s.io/client-go@v0.22.1/tools/cache/reflector.go:167: Failed to watch *v1.Restore: failed to list *v1.Restore: restores.cloud.oceanbase.com is forbidden: User "system:serviceaccount:publicservice:ob-operator-controller-manager" cannot list resource "restores" in API group "cloud.oceanbase.com" at the cluster scope
E0825 10:05:53.821711       1 reflector.go:138] pkg/mod/k8s.io/client-go@v0.22.1/tools/cache/reflector.go:167: Failed to watch *v1.TenantBackup: failed to list *v1.TenantBackup: tenantbackups.cloud.oceanbase.com is forbidden: User "system:serviceaccount:publicservice:ob-operator-controller-manager" cannot list resource "tenantbackups" in API group "cloud.oceanbase.com" at the cluster scope
E0825 10:05:55.396156       1 reflector.go:138] pkg/mod/k8s.io/client-go@v0.22.1/tools/cache/reflector.go:167: Failed to watch *v1.Tenant: failed to list *v1.Tenant: tenants.cloud.oceanbase.com is forbidden: User "system:serviceaccount:publicservice:ob-operator-controller-manager" cannot list resource "tenants" in API group "cloud.oceanbase.com" at the cluster scope
E0825 10:05:56.695090       1 reflector.go:138] pkg/mod/k8s.io/client-go@v0.22.1/tools/cache/reflector.go:167: Failed to watch *v1.Backup: failed to list *v1.Backup: backups.cloud.oceanbase.com is forbidden: User "system:serviceaccount:publicservice:ob-operator-controller-manager" cannot list resource "backups" in API group "cloud.oceanbase.com" at the cluster scope
E0825 10:06:04.554326       1 reflector.go:138] pkg/mod/k8s.io/client-go@v0.22.1/tools/cache/reflector.go:167: Failed to watch *v1.TenantBackup: failed to list *v1.TenantBackup: tenantbackups.cloud.oceanbase.com is forbidden: User "system:serviceaccount:publicservice:ob-operator-controller-manager" cannot list resource "tenantbackups" in API group "cloud.oceanbase.com" at the cluster scope
E0825 10:06:05.043140       1 reflector.go:138] pkg/mod/k8s.io/client-go@v0.22.1/tools/cache/reflector.go:167: Failed to watch *v1.Backup: failed to list *v1.Backup: backups.cloud.oceanbase.com is forbidden: User "system:serviceaccount:publicservice:ob-operator-controller-manager" cannot list resource "backups" in API group "cloud.oceanbase.com" at the cluster scope
E0825 10:06:05.963808       1 reflector.go:138] pkg/mod/k8s.io/client-go@v0.22.1/tools/cache/reflector.go:167: Failed to watch *v1.Restore: failed to list *v1.Restore: restores.cloud.oceanbase.com is forbidden: User "system:serviceaccount:publicservice:ob-operator-controller-manager" cannot list resource "restores" in API group "cloud.oceanbase.com" at the cluster scope
E0825 10:06:06.751226       1 reflector.go:138] pkg/mod/k8s.io/client-go@v0.22.1/tools/cache/reflector.go:167: Failed to watch *v1.Tenant: failed to list *v1.Tenant: tenants.cloud.oceanbase.com is forbidden: User "system:serviceaccount:publicservice:ob-operator-controller-manager" cannot list resource "tenants" in API group "cloud.oceanbase.com" at the cluster scope
E0825 10:06:20.786552       1 reflector.go:138] pkg/mod/k8s.io/client-go@v0.22.1/tools/cache/reflector.go:167: Failed to watch *v1.Restore: failed to list *v1.Restore: restores.cloud.oceanbase.com is forbidden: User "system:serviceaccount:publicservice:ob-operator-controller-manager" cannot list resource "restores" in API group "cloud.oceanbase.com" at the cluster scope
E0825 10:06:24.288853       1 reflector.go:138] pkg/mod/k8s.io/client-go@v0.22.1/tools/cache/reflector.go:167: Failed to watch *v1.Tenant: failed to list *v1.Tenant: tenants.cloud.oceanbase.com is forbidden: User "system:serviceaccount:publicservice:ob-operator-controller-manager" cannot list resource "tenants" in API group "cloud.oceanbase.com" at the cluster scope
E0825 10:06:26.521183       1 reflector.go:138] pkg/mod/k8s.io/client-go@v0.22.1/tools/cache/reflector.go:167: Failed to watch *v1.Backup: failed to list *v1.Backup: backups.cloud.oceanbase.com is forbidden: User "system:serviceaccount:publicservice:ob-operator-controller-manager" cannot list resource "backups" in API group "cloud.oceanbase.com" at the cluster scope

### Expected behavior

_No response_

### Actual behavior

_No response_

### Additional context

_No response_
chris-sun-star commented 1 year ago

fixed with this pull request https://github.com/oceanbase/ob-operator/pull/62

chris-sun-star commented 1 year ago

you can try install ob-operator 1.2.0 using helm again