Bug: When insufficient permissions exist to watch managed resources, reconciliation halts #1109

Closed
Tracked by #950
everettraven opened this issue Aug 12, 2024 · 1 comment · Fixed by #1119

@everettraven

When you create a ClusterExtension referencing a ServiceAccount with insufficient permissions to list and watch managed resources, we loop forever while waiting for the watches to successfully become established.

In the operator-controller-manager logs you'll see a looping error similar to:

```
W0809 19:08:12.963229       1 reflector.go:547] pkg/mod/k8s.io/client-go@v0.30.3/tools/cache/reflector.go:232: failed to list apiextensions.k8s.io/v1, Kind=CustomResourceDefinition: customresourcedefinitions.apiextensions.k8s.io is forbidden: User "system:serviceaccount:argocd:argocd-installer" cannot list resource "customresourcedefinitions" in API group "apiextensions.k8s.io" at the cluster scope
```
@everettraven everettraven self-assigned this Aug 12, 2024
@everettraven everettraven added this to the v1.0.0 milestone Aug 20, 2024
@everettraven everettraven added the v1.0 Issues related to the initial stable release of OLMv1 label Aug 27, 2024
@m1kola

m1kola commented Aug 30, 2024

We have this issue in our sample manifest. I see that #1119, which addressed this issue, also fixes the sample, so I closed #1195 as a duplicate of this issue.

@m1kola m1kola closed this as completed Aug 30, 2024
@m1kola m1kola reopened this Aug 30, 2024
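
Added example, not part of the issue thread or of the operator-controller code base: a small Go triage helper that collapses a looping run of reflector "forbidden" warnings like the one quoted above into the distinct list/watch permissions the installer ServiceAccount is missing, so the RBAC gap can be fixed in one pass. The names `MissingRule`, `MissingRules` and `sampleLog` are hypothetical; only the first sample line comes from the issue, the other lines are constructed.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// RBAC denial text as it appears in the reflector warning quoted in the issue.
var forbiddenRe = regexp.MustCompile(`User "system:serviceaccount:([^:"]+):([^"]+)" cannot (\w+) resource "([^"]+)" in API group "([^"]*)" (?:at the cluster scope|in the namespace "([^"]+)")`)

// MissingRule is one permission a ServiceAccount was denied (hypothetical type).
type MissingRule struct {
	ServiceAccount, APIGroup, Resource, Namespace string // empty Namespace = cluster scope
	Verbs                                         []string
}

// MissingRules returns one entry per ServiceAccount/resource/scope, in first-seen order.
func MissingRules(lines []string) []MissingRule {
	idx, seen, out := map[string]int{}, map[string]bool{}, []MissingRule{}
	for _, l := range lines {
		m := forbiddenRe.FindStringSubmatch(l)
		if m == nil {
			continue
		}
		key := strings.Join([]string{m[1], m[2], m[5], m[4], m[6]}, "|")
		i, ok := idx[key]
		if !ok {
			i = len(out)
			idx[key] = i
			out = append(out, MissingRule{ServiceAccount: m[1] + "/" + m[2], APIGroup: m[5], Resource: m[4], Namespace: m[6]})
		}
		if !seen[key+"|"+m[3]] { // the retry loop logs the same denial over and over
			seen[key+"|"+m[3]] = true
			out[i].Verbs = append(out[i].Verbs, m[3])
		}
	}
	return out
}

// sampleLog: line 1 is the warning from the issue (repeated once, as in the loop); lines 3-4 are constructed.
var sampleLog = []string{
	`W0809 19:08:12.963229       1 reflector.go:547] pkg/mod/k8s.io/client-go@v0.30.3/tools/cache/reflector.go:232: failed to list apiextensions.k8s.io/v1, Kind=CustomResourceDefinition: customresourcedefinitions.apiextensions.k8s.io is forbidden: User "system:serviceaccount:argocd:argocd-installer" cannot list resource "customresourcedefinitions" in API group "apiextensions.k8s.io" at the cluster scope`,
	`W0809 19:08:12.963229       1 reflector.go:547] pkg/mod/k8s.io/client-go@v0.30.3/tools/cache/reflector.go:232: failed to list apiextensions.k8s.io/v1, Kind=CustomResourceDefinition: customresourcedefinitions.apiextensions.k8s.io is forbidden: User "system:serviceaccount:argocd:argocd-installer" cannot list resource "customresourcedefinitions" in API group "apiextensions.k8s.io" at the cluster scope`,
	`customresourcedefinitions.apiextensions.k8s.io is forbidden: User "system:serviceaccount:argocd:argocd-installer" cannot watch resource "customresourcedefinitions" in API group "apiextensions.k8s.io" at the cluster scope`,
	`deployments.apps is forbidden: User "system:serviceaccount:argocd:argocd-installer" cannot list resource "deployments" in API group "apps" in the namespace "argocd"`,
}

func main() {
	fmt.Printf("%+v\n", MissingRules(sampleLog))
}
```

Each returned entry maps directly onto one RBAC rule (apiGroups, resources, verbs) in a ClusterRole when `Namespace` is empty, or in a Role in that namespace otherwise.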