search

solo-io / gloo-portal-issues

Public tracker for issues related to Gloo Portal
https://docs.solo.io/gloo-portal/latest/
1 stars 3 forks source link

Portal can't create VS on OpenShift #62

Closed lgadban closed 3 years ago

lgadban commented 3 years ago

Describe the bug When running Gloo Portal on OpenShift in Gloo Edge mode, the dev-portal deployment is unable to create VirtualServices due to RBAC constraints

To Reproduce Create a basic portal setup (e.g. APIDoc, APIProduct, Routes, etc.) and check the logs of the dev-portal deployment See this error:

{
  "level": "error",
  "ts": 1622673943.8421445,
  "logger": "gloo_portal",
  "msg": "failed upserting resource",
  "resource": "dev.dev-portal..*v1.VirtualService",
  "err": "virtualservices.gateway.solo.io \"dev\" is forbidden: cannot set blockOwnerDeletion if an ownerReference refers to a resource you can't set finalizers on: , <nil>",
  "stacktrace": "github.com/solo-io/skv2/contrib/pkg/output.Snapshot.upsert\n\t/go/pkg/mod/github.com/solo-io/skv2@v0.17.0/contrib/pkg/output/snapshot.go:321\ngithub.com/solo-io/skv2/contrib/pkg/output.Snapshot.syncList\n\t/go/pkg/mod/github.com/solo-io/skv2@v0.17.0/contrib/pkg/output/snapshot.go:263\ngithub.com/solo-io/skv2/contrib/pkg/output.Snapshot.SyncLocalCluster\n\t/go/pkg/mod/github.com/solo-io/skv2@v0.17.0/contrib/pkg/output/snapshot.go:218\ngithub.com/solo-io/dev-portal/pkg/api/gloo.solo.io/output.(*snapshot).ApplyLocalCluster\n\t/workspace/dev-portal/pkg/api/gloo.solo.io/output/snapshot.go:173\ngithub.com/solo-io/dev-portal/pkg/routing/gateway/gloo/environment.glooEnvironmentRouter.EnsureEnvironmentRoutes\n\t/workspace/dev-portal/pkg/routing/gateway/gloo/environment/gloo_environment_router.go:64\ngithub.com/solo-io/dev-portal/pkg/routing.EnvironmentRouters.EnsureEnvironmentRoutes\n\t/workspace/dev-portal/pkg/routing/router.go:69\ngithub.com/solo-io/dev-portal/pkg/controllers/portal/reconcilers/environment.(*environmentSyncer).makeEnvironmentStatus\n\t/workspace/dev-portal/pkg/controllers/portal/reconcilers/environment/environment_syncer.go:180\ngithub.com/solo-io/dev-portal/pkg/controllers/portal/reconcilers/environment.environmentSyncer.SyncEnvironment\n\t/workspace/dev-portal/pkg/controllers/portal/reconcilers/environment/environment_syncer.go:81\ngithub.com/solo-io/dev-portal/pkg/api/devportal.solo.io/v1alpha1/controller.genericEnvironmentSyncer.Sync\n\t/workspace/dev-portal/pkg/api/devportal.solo.io/v1alpha1/controller/reconciler_impl.go:981\ngithub.com/solo-io/dev-portal/codegen/lib/reconciler/base.(*reconciler).Reconcile\n\t/workspace/dev-portal/codegen/lib/reconciler/base/reconciler.go:148\ngithub.com/solo-io/skv2/pkg/reconcile.(*runnerReconciler).Reconcile\n\t/go/pkg/mod/github.com/solo-io/skv2@v0.17.0/pkg/reconcile/runner.go:204\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.7.0/pkg/internal/controller/controller.go:263\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.7.0/pkg/internal/controller/controller.go:235\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func1.1\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.7.0/pkg/internal/controller/controller.go:198\nk8s.io/apimachinery/pkg/util/wait.JitterUntilWithContext.func1\n\t/go/pkg/mod/k8s.io/apimachinery@v0.19.7/pkg/util/wait/wait.go:185\nk8s.io/apimachinery/pkg/util/wait.BackoffUntil.func1\n\t/go/pkg/mod/k8s.io/apimachinery@v0.19.7/pkg/util/wait/wait.go:155\nk8s.io/apimachinery/pkg/util/wait.BackoffUntil\n\t/go/pkg/mod/k8s.io/apimachinery@v0.19.7/pkg/util/wait/wait.go:156\nk8s.io/apimachinery/pkg/util/wait.JitterUntil\n\t/go/pkg/mod/k8s.io/apimachinery@v0.19.7/pkg/util/wait/wait.go:133\nk8s.io/apimachinery/pkg/util/wait.JitterUntilWithContext\n\t/go/pkg/mod/k8s.io/apimachinery@v0.19.7/pkg/util/wait/wait.go:185\nk8s.io/apimachinery/pkg/util/wait.UntilWithContext\n\t/go/pkg/mod/k8s.io/apimachinery@v0.19.7/pkg/util/wait/wait.go:99"
}

Expected behavior VS should be created successfully

Additional context

lgadban commented 3 years ago

The ClusterRole/dev-portal-dev-portal needs to be updated. Working around this with the following addition:

- apiGroups:
  - devportal.solo.io
  resources:
  ...
  - environments/finalizers
  verbs:
  - get
  - list
  - watch
  - update
marcogschmidt commented 3 years ago

This has been fixed and will be released with 0.7.6 by the end of this week.