search

operator-framework / olm-docs

Hugo doc site for https://github.com/operator-framework/operator-lifecycle-manager
10 stars 79 forks source link

Operator scoping with OperatorGroups #262

Open gittihub123 opened 1 year ago

gittihub123 commented 1 year ago

Hi, I'm trying to install the elasticsearch operator in three namespaces but it doesn't work.

When I deploy and choose one namespace, everything is working fine. The elasticsearch operator is available to install in multi namespaces.

Platform: Openshift 4.10

OperatorGroup

apiVersion: operators.coreos.com/v1
kind: OperatorGroup
metadata:
  name: elasticoperatorgroup
  namespace: openshift-elastic-operator
spec:
  targetNamespaces:
  - openshift-elastic-operator
  - openshift-elasticprod
  - openshift-elastictest
  - openshift-elasticdev

Subscription

apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: elasticsearch-operator
  namespace: openshift-elastic-operator
spec:
  channel: stable
  name: elasticsearch-eck-operator-certified
  source: certified-operators
  sourceNamespace: openshift-marketplace

Error message from operator pod

"log.level":"info","@timestamp":"2022-11-09T13:46:46.976Z","log.logger":"controller-runtime.certwatcher","message":"Starting certificate watcher","service.version":"2.5.0+642f9ecd","service.type":"eck","ecs.version":"1.4.0"}
I1109 13:46:46.977252       1 leaderelection.go:248] attempting to acquire leader lease openshift-elastic-operator/elastic-operator-leader...
W1109 13:46:46.979837       1 reflector.go:424] pkg/mod/k8s.io/client-go@v0.25.2/tools/cache/reflector.go:169: failed to list *v1.Secret: secrets is forbidden: User "system:serviceaccount:openshift-elastic-operator:elastic-operator" cannot list resource "secrets" in API group "" in the namespace "openshift-elasticdev,openshift-elasticprod,openshift-elastictest"
E1109 13:46:46.979890       1 reflector.go:140] pkg/mod/k8s.io/client-go@v0.25.2/tools/cache/reflector.go:169: Failed to watch *v1.Secret: failed to list *v1.Secret: secrets is forbidden: User "system:serviceaccount:openshift-elastic-operator:elastic-operator" cannot list resource "secrets" in API group "" in the namespace "openshift-elasticdev,openshift-elasticprod,openshift-elastictest"
W1109 13:46:47.887177       1 reflector.go:424] pkg/mod/k8s.io/client-go@v0.25.2/tools/cache/reflector.go:169: failed to list *v1.Secret: secrets is forbidden: User "system:serviceaccount:openshift-elastic-operator:elastic-operator" cannot list resource "secrets" in API group "" in the namespace "openshift-elasticdev,openshift-elasticprod,openshift-elastictest"
E1109 13:46:47.887211       1 reflector.go:140] pkg/mod/k8s.io/client-go@v0.25.2/tools/cache/reflector.go:169: Failed to watch *v1.Secret: failed to list *v1.Secret: secrets is forbidden: User "system:serviceaccount:openshift-elastic-operator:elastic-operator" cannot list resource "secrets" in API group "" in the namespace "openshift-elasticdev,openshift-elasticprod,openshift-elastictest"
W1109 13:46:49.714880       1 reflector.go:424] pkg/mod/k8s.io/client-go@v0.25.2/tools/cache/reflector.go:169: failed to list *v1.Secret: secrets is forbidden: User "system:serviceaccount:openshift-elastic-operator:elastic-operator" cannot list resource "secrets" in API group "" in the namespace "openshift-elasticdev,openshift-elasticprod,openshift-elastictest"
E1109 13:46:49.714911       1 reflector.go:140] pkg/mod/k8s.io/client-go@v0.25.2/tools/cache/reflector.go:169: Failed to watch *v1.Secret: failed to list *v1.Secret: secrets is forbidden: User "system:serviceaccount:openshift-elastic-operator:elastic-operator" cannot list resource "secrets" in API group "" in the namespace "openshift-elasticdev,openshift-elasticprod,openshift-elastictest"
W1109 13:46:53.157603       1 reflector.go:424] pkg/mod/k8s.io/client-go@v0.25.2/tools/cache/reflector.go:169: failed to list *v1.Secret: secrets is forbidden: User "system:serviceaccount:openshift-elastic-operator:elastic-operator" cannot list resource "secrets" in API group "" in the namespace "openshift-elasticdev,openshift-elasticprod,openshift-elastictest"
E1109 13:46:53.157645       1 reflector.go:140] pkg/mod/k8s.io/client-go@v0.25.2/tools/cache/reflector.go:169: Failed to watch *v1.Secret: failed to list *v1.Secret: secrets is forbidden: User "system:serviceaccount:openshift-elastic-operator:elastic-operator" cannot list resource "secrets" in API group "" in the namespace "openshift-elasticdev,openshift-elasticprod,openshift-elastictest"
W1109 13:47:01.813116       1 reflector.go:424] pkg/mod/k8s.io/client-go@v0.25.2/tools/cache/reflector.go:169: failed to list *v1.Secret: secrets is forbidden: User "system:serviceaccount:openshift-elastic-operator:elastic-operator" cannot list resource "secrets" in API group "" in the namespace "openshift-elasticdev,openshift-elasticprod,openshift-elastictest"
E1109 13:47:01.813153       1 reflector.go:140] pkg/mod/k8s.io/client-go@v0.25.2/tools/cache/reflector.go:169: Failed to watch *v1.Secret: failed to list *v1.Secret: secrets is forbidden: User "system:serviceaccount:openshift-elastic-operator:elastic-operator" cannot list resource "secrets" in API group "" in the namespace "openshift-elasticdev,openshift-elasticprod,openshift-elastictest"
I1109 13:47:02.432864       1 leaderelection.go:258] successfully acquired lease openshift-elastic-operator/elastic-operator-leader
{"log.level":"info","@timestamp":"2022-11-09T13:47:02.433Z","log.logger":"manager.eck-operator","message":"Starting EventSource","service.version":"2.5.0+642f9ecd","service.type":"eck","ecs.version":"1.4.0","controller":"apmserver-controller","source":"kind source: *v1.ApmServer"}
{"log.level":"info","@timestamp":"2022-11-09T13:47:02.433Z","log.logger":"manager.eck-operator","message":"Starting EventSource","service.version":"2.5.0+642f9ecd","service.type":"eck","ecs.version":"1.4.0","controller":"apmserver-controller","source":"kind source: *v1.Deployment"}
{"log.level":"info","@timestamp":"2022-11-09T13:47:02.433Z","log.logger":"manager.eck-operator","message":"Starting EventSource","service.version":"2.5.0+642f9ecd","service.type":"eck","ecs.version":"1.4.0","controller":"apmserver-controller","source":"kind source: *v1.Pod"}
{"log.level":"info","@timestamp":"2022-11-09T13:47:02.433Z","log.logger":"manager.eck-operator","message":"Starting EventSource","service.version":"2.5.0+642f9ecd","service.type":"eck","ecs.version":"1.4.0","controller":"apmserver-controller","source":"kind source: *v1.Service"}
{"log.level":"info","@timestamp":"2022-11-09T13:47:02.433Z","log.logger":"manager.eck-operator","message":"Starting EventSource","service.version":"2.5.0+642f9ecd","service.type":"eck","ecs.version":"1.4.0","controller":"apmserver-controller","source":"kind source: *v1.Secret"}
{"log.level":"info","@timestamp":"2022-11-09T13:47:02.433Z","log.logger":"manager.eck-operator","message":"Starting EventSource","service.version":"2.5.0+642f9ecd","service.type":"eck","ecs.version":"1.4.0","controller":"apmserver-controller","source":"kind source: *v1.Secret"}
{"log.level":"info","@timestamp":"2022-11-09T13:47:02.433Z","log.logger":"manager.eck-operator","message":"Starting EventSource","service.version":"2.5.0+642f9ecd","service.type":"eck","ecs.version":"1.4.0","controller":"apmserver-controller","source":"kind source: *v1.Secret"}
{"log.level":"info","@timestamp":"2022-11-09T13:47:02.433Z","log.logger":"manager.eck-operator","message":"Starting Controller","service.version":"2.5.0+642f9ecd","service.type":"eck","ecs.version":"1.4.0","controller":"apmserver-controller"}
{"log.level":"info","@timestamp":"2022-11-09T13:47:02.433Z","log.logger":"manager.eck-operator","message":"Starting EventSource","service.version":"2.5.0+642f9ecd","service.type":"eck","ecs.version":"1.4.0","controller":"deprecated-elasticsearch-autoscaling","source":"kind source: *v1.Elasticsearch"}
{"log.level":"info","@timestamp":"2022-11-09T13:47:02.434Z","log.logger":"manager.eck-operator","message":"Starting Controller","service.version":"2.5.0+642f9ecd","service.type":"eck","ecs.version":"1.4.0","controller":"deprecated-elasticsearch-autoscaling"}
{"log.level":"info","@timestamp":"2022-11-09T13:47:02.435Z","log.logger":"manager.eck-operator","message":"Starting EventSource","service.version":"2.5.0+642f9ecd","service.type":"eck","ecs.version":"1.4.0","controller":"elasticsearch-controller","source":"kind source: *v1.Elasticsearch"}
{"log.level":"info","@timestamp":"2022-11-09T13:47:02.435Z","log.logger":"manager.eck-operator","message":"Starting EventSource","service.version":"2.5.0+642f9ecd","service.type":"eck","ecs.version":"1.4.0","controller":"elasticsearch-controller","source":"kind source: *v1.StatefulSet"}
{"log.level":"info","@timestamp":"2022-11-09T13:47:02.435Z","log.logger":"manager.eck-operator","message":"Starting EventSource","service.version":"2.5.0+642f9ecd","service.type":"eck","ecs.version":"1.4.0","controller":"elasticsearch-controller","source":"kind source: *v1.Pod"}
{"log.level":"info","@timestamp":"2022-11-09T13:47:02.435Z","log.logger":"manager.eck-operator","message":"Starting EventSource","service.version":"2.5.0+642f9ecd","service.type":"eck","ecs.version":"1.4.0","controller":"elasticsearch-controller","source":"kind source: *v1.Service"}
{"log.level":"info","@timestamp":"2022-11-09T13:47:02.435Z","log.logger":"manager.eck-operator","message":"Starting EventSource","service.version":"2.5.0+642f9ecd","service.type":"eck","ecs.version":"1.4.0","controller":"elasticsearch-controller","source":"kind source: *v1.Secret"}
{"log.level":"info","@timestamp":"2022-11-09T13:47:02.435Z","log.logger":"manager.eck-operator","message":"Starting EventSource","service.version":"2.5.0+642f9ecd","service.type":"eck","ecs.version":"1.4.0","controller":"elasticsearch-controller","source":"kind source: *v1.Secret"}
{"log.level":"info","@timestamp":"2022-11-09T13:47:02.435Z","log.logger":"manager.eck-operator","message":"Starting EventSource","service.version":"2.5.0+642f9ecd","service.type":"eck","ecs.version":"1.4.0","controller":"elasticsearch-controller","source":"channel source: 0xc000a2cdc0"}
{"log.level":"info","@timestamp":"2022-11-09T13:47:02.435Z","log.logger":"manager.eck-operator","message":"Starting Controller","service.version":"2.5.0+642f9ecd","service.type":"eck","ecs.version":"1.4.0","controller":"elasticsearch-controller"}
{"log.level":"info","@timestamp":"2022-11-09T13:47:02.435Z","log.logger":"manager.eck-operator","message":"Starting EventSource","service.version":"2.5.0+642f9ecd","service.type":"eck","ecs.version":"1.4.0","controller":"kibana-controller","source":"kind source: *v1.Kibana"}
{"log.level":"info","@timestamp":"2022-11-09T13:47:02.435Z","log.logger":"manager.eck-operator","message":"Starting EventSource","service.version":"2.5.0+642f9ecd","service.type":"eck","ecs.version":"1.4.0","controller":"kibana-controller","source":"kind source: *v1.Deployment"}
{"log.level":"info","@timestamp":"2022-11-09T13:47:02.435Z","log.logger":"manager.eck-operator","message":"Starting EventSource","service.version":"2.5.0+642f9ecd","service.type":"eck","ecs.version":"1.4.0","controller":"kibana-controller","source":"kind source: *v1.Pod"}
{"log.level":"info","@timestamp":"2022-11-09T13:47:02.435Z","log.logger":"manager.eck-operator","message":"Starting EventSource","service.version":"2.5.0+642f9ecd","service.type":"eck","ecs.version":"1.4.0","controller":"kibana-controller","source":"kind source: *v1.Service"}
{"log.level":"info","@timestamp":"2022-11-09T13:47:02.435Z","log.logger":"manager.eck-operator","message":"Starting EventSource","service.version":"2.5.0+642f9ecd","service.type":"eck","ecs.version":"1.4.0","controller":"kibana-controller","source":"kind source: *v1.Secret"}
{"log.level":"info","@timestamp":"2022-11-09T13:47:02.435Z","log.logger":"manager.eck-operator","message":"Starting EventSource","service.version":"2.5.0+642f9ecd","service.type":"eck","ecs.version":"1.4.0","controller":"kibana-controller","source":"kind source: *v1.Secret"}
{"log.level":"info","@timestamp":"2022-11-09T13:47:02.435Z","log.logger":"manager.eck-operator","message":"Starting EventSource","service.version":"2.5.0+642f9ecd","service.type":"eck","ecs.version":"1.4.0","controller":"kibana-controller","source":"kind source: *v1.Secret"}
{"log.level":"info","@timestamp":"2022-11-09T13:47:02.435Z","log.logger":"manager.eck-operator","message":"Starting Controller","service.version":"2.5.0+642f9ecd","service.type":"eck","ecs.version":"1.4.0","controller":"kibana-controller"}
{"log.level":"info","@timestamp":"2022-11-09T13:47:02.438Z","log.logger":"manager.eck-operator","message":"Starting EventSource","service.version":"2.5.0+642f9ecd","service.type":"eck","ecs.version":"1.4.0","controller":"elasticsearch-autoscaler","source":"kind source: *v1alpha1.ElasticsearchAutoscaler"}
{"log.level":"info","@timestamp":"2022-11-09T13:47:02.438Z","log.logger":"manager.eck-operator","message":"Starting EventSource","service.version":"2.5.0+642f9ecd","service.type":"eck","ecs.version":"1.4.0","controller":"elasticsearch-autoscaler","source":"kind source: *v1.Elasticsearch"}
{"log.level":"info","@timestamp":"2022-11-09T13:47:02.438Z","log.logger":"manager.eck-operator","message":"Starting Controller","service.version":"2.5.0+642f9ecd","service.type":"eck","ecs.version":"1.4.0","controller":"elasticsearch-autoscaler"}
{"log.level":"info","@timestamp":"2022-11-09T13:47:02.439Z","log.logger":"manager.eck-operator","message":"Starting EventSource","service.version":"2.5.0+642f9ecd","service.type":"eck","ecs.version":"1.4.0","controller":"beat-controller","source":"kind source: *v1beta1.Beat"}
{"log.level":"info","@timestamp":"2022-11-09T13:47:02.439Z","log.logger":"manager.eck-operator","message":"Starting EventSource","service.version":"2.5.0+642f9ecd","service.type":"eck","ecs.version":"1.4.0","controller":"beat-controller","source":"kind source: *v1.DaemonSet"}
{"log.level":"info","@timestamp":"2022-11-09T13:47:02.439Z","log.logger":"manager.eck-operator","message":"Starting EventSource","service.version":"2.5.0+642f9ecd","service.type":"eck","ecs.version":"1.4.0","controller":"beat-controller","source":"kind source: *v1.Deployment"}
{"log.level":"info","@timestamp":"2022-11-09T13:47:02.439Z","log.logger":"manager.eck-operator","message":"Starting EventSource","service.version":"2.5.0+642f9ecd","service.type":"eck","ecs.version":"1.4.0","controller":"beat-controller","source":"kind source: *v1.Pod"}
{"log.level":"info","@timestamp":"2022-11-09T13:47:02.439Z","log.logger":"manager.eck-operator","message":"Starting EventSource","service.version":"2.5.0+642f9ecd","service.type":"eck","ecs.version":"1.4.0","controller":"beat-controller","source":"kind source: *v1.Secret"}
{"log.level":"info","@timestamp":"2022-11-09T13:47:02.439Z","log.logger":"manager.eck-operator","message":"Starting EventSource","service.version":"2.5.0+642f9ecd","service.type":"eck","ecs.version":"1.4.0","controller":"beat-controller","source":"kind source: *v1.Secret"}
{"log.level":"info","@timestamp":"2022-11-09T13:47:02.439Z","log.logger":"manager.eck-operator","message":"Starting EventSource","service.version":"2.5.0+642f9ecd","service.type":"eck","ecs.version":"1.4.0","controller":"beat-controller","source":"kind source: *v1.Secret"}
{"log.level":"info","@timestamp":"2022-11-09T13:47:02.439Z","log.logger":"manager.eck-operator","message":"Starting Controller","service.version":"2.5.0+642f9ecd","service.type":"eck","ecs.version":"1.4.0","controller":"beat-controller"}
W1109 13:47:02.440802       1 reflector.go:424] pkg/mod/k8s.io/client-go@v0.25.2/tools/cache/reflector.go:169: failed to list *v1.Elasticsearch: elasticsearches.elasticsearch.k8s.elastic.co is forbidden: User "system:serviceaccount:openshift-elastic-operator:elastic-operator" cannot list resource "elasticsearches" in API group "elasticsearch.k8s.elastic.co" in the namespace "openshift-elasticdev,openshift-elasticprod,openshift-elastictest"

What am I doing wrong here?

Thank you.

gittihub123 commented 1 year ago

Hello, Any update?

gittihub123 commented 1 year ago

any update?