Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error in OpenShift image-pull delegation on IBM Cloud #2530

Closed
nicolaferraro opened this issue Jul 26, 2021 · 1 comment
Closed

Error in OpenShift image-pull delegation on IBM Cloud #2530

nicolaferraro opened this issue Jul 26, 2021 · 1 comment
Labels
kind/bug Something isn't working
Milestone
1.5.1

Comments

@nicolaferraro
Copy link
Member

The operator fails to create the RoleBinding that binds the system:image-puller ClusterRole to the integration service account (pull-secret trait).

This happens when the operator is installed globally and no IntegrationPlatform is created in the user namespace.

The final result is that the pod can't start (image pull error).

Operator logs:

{"level":"error","ts":1627317698.8724444,"logger":"controller-runtime.manager.controller.integration-controller","msg":"Reconciler error","name":"example","namespace":"nf-test","error":"error executing post actions: error during apply resource: &RoleBinding{ObjectMeta:{camel-k-puller-nf-test  openshift-operators    0 0001-01-01 00:00:00 +0000 UTC <nil> <nil> map[camel.apache.org/generation:1 camel.apache.org/integration:example] map[] [{camel.apache.org/v1 Integration example 8abd7803-d2b4-429a-89d6-4f1ffcba30c9 0xc0017d0141 0xc0017d0142}] []  []},Subjects:[]Subject{Subject{Kind:ServiceAccount,APIGroup:,Name:default,Namespace:nf-test,},},RoleRef:RoleRef{APIGroup:,Kind:ClusterRole,Name:system:image-puller,},}: Object 'Kind' is missing in 'unstructured object has no kind'","errorVerbose":"Object 'Kind' is missing in 'unstructured object has no kind'\nerror during apply resource: &RoleBinding{ObjectMeta:{camel-k-puller-nf-test  openshift-operators    0 0001-01-01 00:00:00 +0000 UTC <nil> <nil> map[camel.apache.org/generation:1 camel.apache.org/integration:example] map[] [{camel.apache.org/v1 Integration example 8abd7803-d2b4-429a-89d6-4f1ffcba30c9 0xc0017d0141 0xc0017d0142}] []  []},Subjects:[]Subject{Subject{Kind:ServiceAccount,APIGroup:,Name:default,Namespace:nf-test,},},RoleRef:RoleRef{APIGroup:,Kind:ClusterRole,Name:system:image-puller,},}\ngithub.com/apache/camel-k/pkg/trait.(*deployerTrait).serverSideApply\n\tgithub.com/apache/camel-k/pkg/trait/deployer.go:123\ngithub.com/apache/camel-k/pkg/trait.(*deployerTrait).Apply.func2\n\tgithub.com/apache/camel-k/pkg/trait/deployer.go:95\ngithub.com/apache/camel-k/pkg/trait.Apply\n\tgithub.com/apache/camel-k/pkg/trait/trait.go:52\ngithub.com/apache/camel-k/pkg/controller/integration.(*deployAction).Handle\n\tgithub.com/apache/camel-k/pkg/controller/integration/deploy.go:56\ngithub.com/apache/camel-k/pkg/controller/integration.(*reconcileIntegration).Reconcile\n\tgithub.com/apache/camel-k/pkg/controller/integration/integration_controller.go:324\ngithub.com/apache/camel-k/pkg/util/monitoring.(*instrumentedReconciler).Reconcile\n\tgithub.com/apache/camel-k/pkg/util/monitoring/controller.go:71\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\tsigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:298\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\tsigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:253\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func1.2\n\tsigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:216\nk8s.io/apimachinery/pkg/util/wait.JitterUntilWithContext.func1\n\tk8s.io/[email protected]/pkg/util/wait/wait.go:185\nk8s.io/apimachinery/pkg/util/wait.BackoffUntil.func1\n\tk8s.io/[email protected]/pkg/util/wait/wait.go:155\nk8s.io/apimachinery/pkg/util/wait.BackoffUntil\n\tk8s.io/[email protected]/pkg/util/wait/wait.go:156\nk8s.io/apimachinery/pkg/util/wait.JitterUntil\n\tk8s.io/[email protected]/pkg/util/wait/wait.go:133\nk8s.io/apimachinery/pkg/util/wait.JitterUntilWithContext\n\tk8s.io/[email protected]/pkg/util/wait/wait.go:185\nk8s.io/apimachinery/pkg/util/wait.UntilWithContext\n\tk8s.io/[email protected]/pkg/util/wait/wait.go:99\nruntime.goexit\n\truntime/asm_amd64.s:1374\nerror executing post actions\ngithub.com/apache/camel-k/pkg/trait.Apply\n\tgithub.com/apache/camel-k/pkg/trait/trait.go:54\ngithub.com/apache/camel-k/pkg/controller/integration.(*deployAction).Handle\n\tgithub.com/apache/camel-k/pkg/controller/integration/deploy.go:56\ngithub.com/apache/camel-k/pkg/controller/integration.(*reconcileIntegration).Reconcile\n\tgithub.com/apache/camel-k/pkg/controller/integration/integration_controller.go:324\ngithub.com/apache/camel-k/pkg/util/monitoring.(*instrumentedReconciler).Reconcile\n\tgithub.com/apache/camel-k/pkg/util/monitoring/controller.go:71\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\tsigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:298\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\tsigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:253\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func1.2\n\tsigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:216\nk8s.io/apimachinery/pkg/util/wait.JitterUntilWithContext.func1\n\tk8s.io/[email protected]/pkg/util/wait/wait.go:185\nk8s.io/apimachinery/pkg/util/wait.BackoffUntil.func1\n\tk8s.io/[email protected]/pkg/util/wait/wait.go:155\nk8s.io/apimachinery/pkg/util/wait.BackoffUntil\n\tk8s.io/[email protected]/pkg/util/wait/wait.go:156\nk8s.io/apimachinery/pkg/util/wait.JitterUntil\n\tk8s.io/[email protected]/pkg/util/wait/wait.go:133\nk8s.io/apimachinery/pkg/util/wait.JitterUntilWithContext\n\tk8s.io/[email protected]/pkg/util/wait/wait.go:185\nk8s.io/apimachinery/pkg/util/wait.UntilWithContext\n\tk8s.io/[email protected]/pkg/util/wait/wait.go:99\nruntime.goexit\n\truntime/asm_amd64.s:1374","stacktrace":"sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\tsigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:253\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func1.2\n\tsigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:216\nk8s.io/apimachinery/pkg/util/wait.JitterUntilWithContext.func1\n\tk8s.io/[email protected]/pkg/util/wait/wait.go:185\nk8s.io/apimachinery/pkg/util/wait.BackoffUntil.func1\n\tk8s.io/[email protected]/pkg/util/wait/wait.go:155\nk8s.io/apimachinery/pkg/util/wait.BackoffUntil\n\tk8s.io/[email protected]/pkg/util/wait/wait.go:156\nk8s.io/apimachinery/pkg/util/wait.JitterUntil\n\tk8s.io/[email protected]/pkg/util/wait/wait.go:133\nk8s.io/apimachinery/pkg/util/wait.JitterUntilWithContext\n\tk8s.io/[email protected]/pkg/util/wait/wait.go:185\nk8s.io/apimachinery/pkg/util/wait.UntilWithContext\n\tk8s.io/[email protected]/pkg/util/wait/wait.go:99"}
@nicolaferraro nicolaferraro added the kind/bug Something isn't working label Jul 26, 2021
@nicolaferraro nicolaferraro added this to the 1.5.1 milestone Jul 26, 2021
@nicolaferraro
Copy link
Member Author

Workaround is to manually create the following rolebinding:

kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: camel-k-puller-#your-namespace#
  namespace: openshift-operators
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:image-puller
subjects:
- kind: ServiceAccount
  name: default
  namespace: "#your-namespace#"

Replacing #your-namespace# with each project where you want to run integrations.

nicolaferraro added a commit that referenced this issue Jul 28, 2021
@nicolaferraro
Fix #2530: fix type and do not add cross-namespace owner references
c7ab73b
nicolaferraro added a commit that referenced this issue Jul 29, 2021
@nicolaferraro
Fix #2530: revert direct creation of image puller and use platform as…
bbba905 
… owner
nicolaferraro added a commit that referenced this issue Jul 29, 2021
@nicolaferraro
Fix #2530: fix test to check actual resources on the namespace
39e9e09
astefanutti pushed a commit that referenced this issue Jul 30, 2021
@nicolaferraro @astefanutti
Fix #2530: revert direct creation of image puller and use platform as…
0154c4a 
… owner
astefanutti pushed a commit that referenced this issue Jul 30, 2021
@nicolaferraro @astefanutti
Fix #2530: fix test to check actual resources on the namespace
f168d64
astefanutti pushed a commit to jboss-fuse/camel-k that referenced this issue Aug 2, 2021
@nicolaferraro @astefanutti
Fix apache#2530: fix type and do not add cross-namespace owner refere…
44e7547 
…nces
astefanutti pushed a commit to jboss-fuse/camel-k that referenced this issue Aug 2, 2021
@nicolaferraro @astefanutti
Fix apache#2530: revert direct creation of image puller and use platf…
3fb82d3 
…orm as owner
astefanutti pushed a commit to jboss-fuse/camel-k that referenced this issue Aug 2, 2021
@nicolaferraro @astefanutti
Fix apache#2530: fix test to check actual resources on the namespace
1c86845
astefanutti pushed a commit that referenced this issue Aug 4, 2021
@nicolaferraro @astefanutti
Fix #2530: fix type and do not add cross-namespace owner references
1c74469
astefanutti pushed a commit that referenced this issue Aug 4, 2021
@nicolaferraro @astefanutti
Fix #2530: revert direct creation of image puller and use platform as…
07b52bd 
… owner
astefanutti pushed a commit that referenced this issue Aug 4, 2021
@nicolaferraro @astefanutti
Fix #2530: fix test to check actual resources on the namespace
be736c4
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/bug Something isn't working
Projects
None yet
Milestone
1.5.1
Development

No branches or pull requests
1 participant
@nicolaferraro