raffaelespazzoli
commented
4 years ago @seb54000 we just released a new version v0.2.0, could you try if it fixes your issue?
Closed seb54000 closed 4 years ago
raffaelespazzoli
commented
4 years ago @seb54000 we just released a new version v0.2.0, could you try if it fixes your issue?
seb54000
commented
4 years ago Thanks @raffaelespazzoli for your quick reply. I didn't see the new version, so I've just test it but it doesn't work, here are the details :
The CRDs are not working with OCP 3.11 (it seems due to kube 1.11, I found an issue here about this : https://github.com/jetstack/cert-manager/issues/2200
I manage to deploy CRDs by commenting 2 lines in each of the three CRDs
# subresources :
# status: {} {"level":"error","ts":1588948238.8342001,"logger":"lockedresourcecontroller","msg":"unable to update status for","object":{"kind":"NamespaceConfig","apiVersion":"redhatcop.redhat.io/v1alpha1","metadata":{"name":"sample-cr","selfLink":"/apis/redhatcop.redhat.io/v1alpha1/namespaceconfigs/sample-cr","uid":"654bc795-9138-11ea-8490-fa163e2dfe9b","resourceVersion":"9425861","generation":1,"creationTimestamp":"2020-05-08T14:29:59Z","annotations":{"kubectl.kubernetes.io/last-applied-configuration":"{\"apiVersion\":\"redhatcop.redhat.io/v1alpha1\",\"kind\":\"NamespaceConfig\",\"metadata\":{\"annotations\":{},\"name\":\"sample-cr\",\"namespace\":\"ocp-namespace-configuration-operator-crs\"},\"spec\":{\"resources\":[{\"apiVersion\":\"v1\",\"kind\":\"LimitRange\",\"metadata\":{\"name\":\"overcommit-limits\"},\"spec\":{\"limits\":[{\"maxLimitRequestRatio\":{\"cpu\":100,\"memory\":1},\"type\":\"Container\"}]}}],\"selector\":{\"matchLabels\":{\"name\":\"ocp-namespace-configuration-operator-smoke-test\"}}}}\n"}},"spec":{"labelSelector":{},"annotationSelector":{}},"status":{"conditions":[{"type":"ReconcileSuccess","status":"True","reason":"Successful","message":"Awaiting next reconciliation","lastTransitionTime":"2020-05-08T14:30:38Z"}]}},"error":"the server could not find the requested resource (put namespaceconfigs.redhatcop.redhat.io sample-cr)","stacktrace":"github.com/go-logr/zapr.(*zapLogger).Error\n\t/home/travis/gopath/pkg/mod/github.com/go-logr/zapr@v0.1.1/zapr.go:128\ngithub.com/redhat-cop/operator-utils/pkg/util/lockedresourcecontroller.This might be related to the fact I commented the status lines for subresources in CRDs ? Does anybody tried to run this operator on OCP 3.11 ?
The CRDs are well installed :
$ oc get crd | grep redhat
groupconfigs.redhatcop.redhat.io 2020-05-08T14:29:58Z
namespaceconfigs.redhatcop.redhat.io 2020-05-08T14:29:57Z
userconfigs.redhatcop.redhat.io 2020-05-08T13:06:09Z@seb54000 modifying the CRDs will definitely break the operator. It might be that the new CRDs don't work in 3.11, I haven't tested although I can't imagine why. Maybe you could work with the local red hat team (if there is one) to set up a troubleshooting session.
seb54000
commented
4 years ago Hi, we'll definitely try to set up this troubleshooting session. After further research, on 3.11, it seems that we need to upgrade in 3.11.200 to make the new CRD work. https://bugzilla.redhat.com/show_bug.cgi?id=1803163
seb54000
commented
4 years ago Hi @raffaelespazzoli , just to let you know we manage with help of local redHat to reproduce the bug in v0.1.0 on a 3.11.200 cluster. The good news is the "resourceVersion should not be set bug" is effectively corrected in v0.2.0 with a 3.11.200 OCP cluster.
Thanks again for your work and help
Dear all (thanks for your work on this operator) I manage namespaceConfigs with netpol, rolebinding, limitrange and resourcequotas spec. If I manually delete a netpol created by the operator in the target namespace, the operator is then unable to recreate it. In logs I have :
{"level":"error","ts":1588750393.6752868,"logger":"util","msg":"unable to create object","object":{"apiVersion":"networking.k8s.io/v1","kind":"NetworkPolicy","metadata":{"creationTimestamp":"2020-05-05T14:09:41Z","generation":1,"labels":{"managed-by":"nsconfig-operator","namespace-config-operator.redhat-cop.io_owner":"ocp-namespace-configuration-operator-crs-seb-sub1"},"name":"allow-from-default-namespace","namespace":"seb-sub1","resourceVersion":"8725156","selfLink":"/apis/networking.k8s.io/v1/namespaces/seb-sub1/networkpolicies/allow-from-default-namespace","uid":"104791d5-8eda-11ea-8490-fa163e2dfe9b"},"spec":{"ingress":[{"from":[{"namespaceSelector":{"matchLabels":{"name":"default"}}}]}],"podSelector":{},"policyTypes":["Ingress"]}},"error":"resourceVersion should not be set on objects to be created","stacktrace":"github.com/go-logr/zapr.(*zapLogger)I found related issue and PR on this repo : https://github.com/redhat-cop/namespace-configuration-operator/pull/11 and https://github.com/redhat-cop/namespace-configuration-operator/pull/10 but it seems not working for me
I tried with this image/tag : v0.1.0 and latest from quay.io registry (I didn't try to build an image locally) v0.1.0 do not work (I mean print the unable to create object error) latest is not working as I cannot deploy the CRD
I run the operator on OCP 3.11
When I want to deploy this CRD for instance : https://github.com/redhat-cop/namespace-configuration-operator/blob/master/deploy/crds/redhatcop.redhat.io_namespaceconfigs_crd.yaml, I have errors (I cut the logs as they are really long) : `The CustomResourceDefinition "namespaceconfigs.redhatcop.redhat.io" is invalid:
Dependencies:apiextensions.JSONSchemaDependencies(nil), AdditionalItems:(apiextensions.JSONSchemaPropsOrBool)(nil), Definitions:apiextensions.JSONSchemaDefinitions(nil), ExternalDocs:(apiextensions.ExternalDocumentation)(nil), Example:(apiextensions.JSON)(nil)}: must only have "properties", "required" or "description" at the root if the status subresource is enabled
Thanks for your help