Operator losing permissions
4 views
Skip to first unread message
Pete Stapley
Jun 23, 2022, 1:47:31 PM6/23/22
to Operator Framework
Has anyone experienced an operator suddenly losing permission? Every day or so we start receiving "Unauthorized" errors. Restarting the operator corrects the problem. Any suggestions would be appreciated. Thanks!
Alex Greene
Jun 23, 2022, 3:03:03 PM6/23/22
to Pete Stapley, Operator Framework
This is unexpected behavior that I haven't heard of before. I assume that the operator has the RBAC it needs when these errors are logged? Could you share the authorization errors?
Best,
Alex
On Thu, Jun 23, 2022 at 10:47 AM Pete Stapley <pete.s...@clearview.ai> wrote:
Has anyone experienced an operator suddenly losing permission? Every day or so we start receiving "Unauthorized" errors. Restarting the operator corrects the problem. Any suggestions would be appreciated. Thanks!
The information contained in this message may be protected by copyright law, privileged, confidential and protected from disclosure. If you are not the intended recipient, any dissemination, distribution or copying is strictly prohibited. If you believe you have received this e-mail message in error, please email the sender. The views and opinions included in this email belong to their author and do not necessarily mirror the views and opinions of the company. Our employees and consultants are obliged not to make any defamatory statements, infringe, or authorize infringement of any legal right. Therefore, the company will not take any liability for such statements included in emails. In case of any damages or other liabilities arising, employees are fully responsible for the content of their emails. Although the company has taken reasonable precautions to ensure no viruses are present in this email, the company cannot accept responsibility for any loss or damage arising from the use of this email or attachments. Copyright © 2022 Clearview AI, Inc. All rights reserved.
--
You received this message because you are subscribed to the Google Groups "Operator Framework" group.
To unsubscribe from this group and stop receiving emails from it, send an email to operator-framew...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/operator-framework/f9914f3d-0367-4792-8a1b-e6598b2fdf54n%40googlegroups.com.
--
Justin Cook
Jun 23, 2022, 3:28:24 PM6/23/22
to Operator Framework, Pete Stapley
I imagine you are using something like OIDC with Google identity provider. The operator controller pod is probably not using a service account with bearer token which does not time out.
You need to configure a service account and associate it with the correct role(s). The bearer tokens will be created and managed by the API server, and your issue will be resolved.
https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
If you are using something like Keycloak there could be a misconfiguration not allowing the token to be refreshed.
You need to configure a service account and associate it with the correct role(s). The bearer tokens will be created and managed by the API server, and your issue will be resolved.
https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
If you are using something like Keycloak there could be a misconfiguration not allowing the token to be refreshed.
On 23 Jun 2022, 18:47 +0100, Pete Stapley <pete.s...@clearview.ai>, wrote:
Has anyone experienced an operator suddenly losing permission? Every day or so we start receiving "Unauthorized" errors. Restarting the operator corrects the problem. Any suggestions would be appreciated. Thanks!
Reply all
Reply to author
Forward
0 new messages