getting the error on deploy time on the cluster.
1,284 views
Skip to first unread message
Kishan Kumar
Nov 29, 2022, 7:52:00 AM11/29/22
to Operator Framework
Hi Everyone,
W1129 12:15:20.086965 1 reflector.go:324] pkg/mod/k8s.io/clie...@v0.24.0/tools/cache/reflector.go:167: failed to list *v1.Deployment: deployments.apps is forbidden: User "system:serviceaccount:nginx-operator-system:nginx-operator-controller-manager" cannot list resource "deployments" in API group "apps" at the cluster scope
E1129 12:15:20.087013 1 reflector.go:138] pkg/mod/k8s.io/clie...@v0.24.0/tools/cache/reflector.go:167: Failed to watch *v1.Deployment: failed to list *v1.Deployment: deployments.apps is forbidden: User "system:serviceaccount:nginx-operator-system:nginx-operator-controller-manager" cannot list resource "deployments" in API group "apps" at the cluster scope
W1129 12:15:42.594737 1 reflector.go:324] pkg/mod/k8s.io/clie...@v0.24.0/tools/cache/reflector.go:167: failed to list *v1.Deployment: deployments.apps is forbidden: User "system:serviceaccount:nginx-operator-system:nginx-operator-controller-manager" cannot list resource "deployments" in API group "apps" at the cluster scope
E1129 12:15:42.594787 1 reflector.go:138] pkg/mod/k8s.io/clie...@v0.24.0/tools/cache/reflector.go:167: Failed to watch *v1.Deployment: failed to list *v1.Deployment: deployments.apps is forbidden: User "system:serviceaccount:nginx-operator-system:nginx-operator-controller-manager" cannot list resource "deployments" in API group "apps" at the cluster scope
W1129 12:16:21.265504 1 reflector.go:324] pkg/mod/k8s.io/clie...@v0.24.0/tools/cache/reflector.go:167: failed to list *v1.Deployment: deployments.apps is forbidden: User "system:serviceaccount:nginx-operator-system:nginx-operator-controller-manager" cannot list resource "deployments" in API group "apps" at the cluster scope
E1129 12:16:21.265620 1 reflector.go:138] pkg/mod/k8s.io/clie...@v0.24.0/tools/cache/reflector.go:167: Failed to watch *v1.Deployment: failed to list *v1.Deployment: deployments.apps is forbidden: User "system:serviceaccount:nginx-operator-system:nginx-operator-controller-manager" cannot list resource "deployments" in API group "apps" at the cluster scope
1.6697242182723365e+09 ERROR Could not wait for Cache to sync {"controller": "nginx", "controllerGroup": "example.dms.com", "controllerKind": "Nginx", "error": "failed to wait for nginx caches to sync: timed out waiting for cache to be synced"}
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2
/go/pkg/mod/sigs.k8s.io/controlle...@v0.12.1/pkg/internal/controller/controller.go:215
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start
/go/pkg/mod/sigs.k8s.io/controlle...@v0.12.1/pkg/internal/controller/controller.go:241
sigs.k8s.io/controller-runtime/pkg/manager.(*runnableGroup).reconcile.func1
/go/pkg/mod/sigs.k8s.io/controlle...@v0.12.1/pkg/manager/runnable_group.go:219
1.669724218272473e+09 INFO Stopping and waiting for non leader election runnables
1.6697242182724872e+09 INFO Stopping and waiting for leader election runnables
1.669724218272497e+09 INFO Stopping and waiting for caches
1.669724218272661e+09 ERROR controller-runtime.source failed to get informer from cache {"error": "Timeout: failed waiting for *v1.Deployment Informer to sync"}
sigs.k8s.io/controller-runtime/pkg/source.(*Kind).Start.func1.1
/go/pkg/mod/sigs.k8s.io/controlle...@v0.12.1/pkg/source/source.go:144
k8s.io/apimachinery/pkg/util/wait.runConditionWithCrashProtectionWithContext
/go/pkg/mod/k8s.io/apimac...@v0.24.0/pkg/util/wait/wait.go:233
k8s.io/apimachinery/pkg/util/wait.poll
/go/pkg/mod/k8s.io/apimac...@v0.24.0/pkg/util/wait/wait.go:580
k8s.io/apimachinery/pkg/util/wait.PollImmediateUntilWithContext
/go/pkg/mod/k8s.io/apimac...@v0.24.0/pkg/util/wait/wait.go:545
sigs.k8s.io/controller-runtime/pkg/source.(*Kind).Start.func1
/go/pkg/mod/sigs.k8s.io/controlle...@v0.12.1/pkg/source/source.go:132
1.669724218272921e+09 INFO Stopping and waiting for webhooks
1.6697242182729347e+09 INFO Wait completed, proceeding to shutdown the manager
1.6697242182729516e+09 ERROR setup problem running manager {"error": "failed to wait for nginx caches to sync: timed out waiting for cache to be synced"}
main.main
/workspace/main.go:112
runtime.main
/usr/local/go/src/runtime/proc.go:250
E1129 12:15:20.087013 1 reflector.go:138] pkg/mod/k8s.io/clie...@v0.24.0/tools/cache/reflector.go:167: Failed to watch *v1.Deployment: failed to list *v1.Deployment: deployments.apps is forbidden: User "system:serviceaccount:nginx-operator-system:nginx-operator-controller-manager" cannot list resource "deployments" in API group "apps" at the cluster scope
W1129 12:15:42.594737 1 reflector.go:324] pkg/mod/k8s.io/clie...@v0.24.0/tools/cache/reflector.go:167: failed to list *v1.Deployment: deployments.apps is forbidden: User "system:serviceaccount:nginx-operator-system:nginx-operator-controller-manager" cannot list resource "deployments" in API group "apps" at the cluster scope
E1129 12:15:42.594787 1 reflector.go:138] pkg/mod/k8s.io/clie...@v0.24.0/tools/cache/reflector.go:167: Failed to watch *v1.Deployment: failed to list *v1.Deployment: deployments.apps is forbidden: User "system:serviceaccount:nginx-operator-system:nginx-operator-controller-manager" cannot list resource "deployments" in API group "apps" at the cluster scope
W1129 12:16:21.265504 1 reflector.go:324] pkg/mod/k8s.io/clie...@v0.24.0/tools/cache/reflector.go:167: failed to list *v1.Deployment: deployments.apps is forbidden: User "system:serviceaccount:nginx-operator-system:nginx-operator-controller-manager" cannot list resource "deployments" in API group "apps" at the cluster scope
E1129 12:16:21.265620 1 reflector.go:138] pkg/mod/k8s.io/clie...@v0.24.0/tools/cache/reflector.go:167: Failed to watch *v1.Deployment: failed to list *v1.Deployment: deployments.apps is forbidden: User "system:serviceaccount:nginx-operator-system:nginx-operator-controller-manager" cannot list resource "deployments" in API group "apps" at the cluster scope
1.6697242182723365e+09 ERROR Could not wait for Cache to sync {"controller": "nginx", "controllerGroup": "example.dms.com", "controllerKind": "Nginx", "error": "failed to wait for nginx caches to sync: timed out waiting for cache to be synced"}
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2
/go/pkg/mod/sigs.k8s.io/controlle...@v0.12.1/pkg/internal/controller/controller.go:215
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start
/go/pkg/mod/sigs.k8s.io/controlle...@v0.12.1/pkg/internal/controller/controller.go:241
sigs.k8s.io/controller-runtime/pkg/manager.(*runnableGroup).reconcile.func1
/go/pkg/mod/sigs.k8s.io/controlle...@v0.12.1/pkg/manager/runnable_group.go:219
1.669724218272473e+09 INFO Stopping and waiting for non leader election runnables
1.6697242182724872e+09 INFO Stopping and waiting for leader election runnables
1.669724218272497e+09 INFO Stopping and waiting for caches
1.669724218272661e+09 ERROR controller-runtime.source failed to get informer from cache {"error": "Timeout: failed waiting for *v1.Deployment Informer to sync"}
sigs.k8s.io/controller-runtime/pkg/source.(*Kind).Start.func1.1
/go/pkg/mod/sigs.k8s.io/controlle...@v0.12.1/pkg/source/source.go:144
k8s.io/apimachinery/pkg/util/wait.runConditionWithCrashProtectionWithContext
/go/pkg/mod/k8s.io/apimac...@v0.24.0/pkg/util/wait/wait.go:233
k8s.io/apimachinery/pkg/util/wait.poll
/go/pkg/mod/k8s.io/apimac...@v0.24.0/pkg/util/wait/wait.go:580
k8s.io/apimachinery/pkg/util/wait.PollImmediateUntilWithContext
/go/pkg/mod/k8s.io/apimac...@v0.24.0/pkg/util/wait/wait.go:545
sigs.k8s.io/controller-runtime/pkg/source.(*Kind).Start.func1
/go/pkg/mod/sigs.k8s.io/controlle...@v0.12.1/pkg/source/source.go:132
1.669724218272921e+09 INFO Stopping and waiting for webhooks
1.6697242182729347e+09 INFO Wait completed, proceeding to shutdown the manager
1.6697242182729516e+09 ERROR setup problem running manager {"error": "failed to wait for nginx caches to sync: timed out waiting for cache to be synced"}
main.main
/workspace/main.go:112
runtime.main
/usr/local/go/src/runtime/proc.go:250
let me know what has a problem in the operator it is not able to deployments.
Thanks
Kishan Kumar
Varsha Prasad Narsing
Nov 29, 2022, 8:02:47 AM11/29/22
to Kishan Kumar, Operator Framework
Hi Kishan,
The controller needs RBAC permissions to interact with the resources which are being watched by it. To do so, (in case of Go) the framework provides us with the option to specify the rbac rules are "markers" (https://book.kubebuilder.io/reference/markers/rbac.html), which are then used to scaffold "roles.yaml" in config/ directory.
If this is a golang operator can you check if the right rbac markers are present (ref doc: https://sdk.operatorframework.io/docs/building-operators/golang/tutorial/#specify-permissions-and-generate-rbac-manifests).
If this is a helm/ansible operator, you would have to modify `config/rbac/roles.yaml` manually (ref doc: https://sdk.operatorframework.io/docs/building-operators/helm/tutorial/#create-a-new-project and https://sdk.operatorframework.io/docs/building-operators/ansible/tutorial/#2-run-as-a-deployment-inside-the-cluster)
Hope this helps!
Thanks
Varsha
--
You received this message because you are subscribed to the Google Groups "Operator Framework" group.
To unsubscribe from this group and stop receiving emails from it, send an email to operator-framew...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/operator-framework/47865bc4-ea1d-4521-a2f2-4a7e14bb18f5n%40googlegroups.com.
Varsha Prasad
Software EngineerOperator SDK Team
Red Hat Inc. San Francisco
Kishan Kumar
Nov 29, 2022, 8:20:43 AM11/29/22
to Operator Framework
Hi Varsha,
Thanks for helping me.
It is working well.
Thanks
Kishan
Thanks
Kishan
Reply all
Reply to author
Forward
0 new messages