jpeeler
commented
6 years ago This does look wrong: $ oc get role.rbac endpoint-accessor -o yaml Error from server (NotFound): roles.rbac.authorization.k8s.io "endpoint-accessor" not found
Output in the past looked like:
apiVersion: rbac.authorization.k8s.io/v1beta1 kind: Role metadata: creationTimestamp: 2017-11-10T21:20:17Z name: endpoint-accessor namespace: kube-service-catalog resourceVersion: "777" selfLink: /apis/rbac.authorization.k8s.io/v1beta1/namespaces/kube-service-catalog/roles/endpoint-accessor uid: f2cae8be-c65c-11e7-adac-5254006c61d5 rules:
- apiGroups:
- "" resources:
- endpoints verbs:
- create
- get
- list
- update
- watch
Will follow up with @deads2k on Monday.
enj
service-catalog controller-manager does not have required permissions.
Version
Steps To Reproduce
oc cluster up --service-catalog=trueCurrent Result
controller-manager logs are full of 'E0330 07:57:44.442207 1 leaderelection.go:224] error retrieving resource lock kube-service-catalog/service-catalog-controller-manager: endpoints "service-catalog-controller-manager" is forbidden: User "system:serviceaccount:kube-service-catalog:service-catalog-controller" cannot get endpoints in the namespace "kube-service-catalog": User "system:serviceaccount:kube-service-catalog:service-catalog-controller" cannot get endpoints in project "kube-service-catalog": clusterrole.rbac.authorization.k8s.io "service-catalog-controller" not f ound'
Expected Result
controller-manage works correctly.
Additional Information
This was working up until today.