Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug] Routes Controller is missing the SA #747

Closed
adrianriobo opened this issue Jun 27, 2023 · 1 comment
Closed

[Bug] Routes Controller is missing the SA #747

adrianriobo opened this issue Jun 27, 2023 · 1 comment
Assignees
@praveenkumar

Comments

@adrianriobo
Copy link
Contributor

Previously routes controller was started from crc, now the deployment has been migrated to SNC, on that migration the SA required to run the pod is missing.

Now the routes controller can not read resource on the cluster so it is not able to export those routes to the hosts files.

PS C:\Users\rhqp> oc logs routes-controller-6fc7679574-lxrnj -n openshift-ingress | more
W0627 11:36:52.901038       1 client_config.go:617] Neither --kubeconfig nor --master was specified.  Using the inClusterConfig.  This might not work.
W0627 11:36:53.101612       1 reflector.go:324] /remote-source/app/main.go:64: failed to list *v1.Route: routes.route.openshift.io is forbidden: User "system:serviceaccount:openshift-ingress:default" cannot list resource "routes" in API group "route.openshift.io" at the cluster scope
E0627 11:36:53.101827       1 reflector.go:138] /remote-source/app/main.go:64: Failed to watch *v1.Route: failed to list *v1.Route: routes.route.openshift.io is forbidden: User "system:serviceaccount:openshift-ingress:default" cannot list resource "routes" in API group "route.openshift.io" at the cluster scope
W0627 11:36:53.101620       1 reflector.go:324] /remote-source/app/main.go:53: failed to list *v1.Service: services is forbidden: User "system:serviceaccount:openshift-ingress:default" cannot list resource "services" in API group "" at the cluster scope
E0627 11:36:53.101847       1 reflector.go:138] /remote-source/app/main.go:53: Failed to watch *v1.Service: failed to list *v1.Service: services is forbidden: User "system:serviceaccount:openshift-ingress:default" cannot list resource "services" in API group "" at the cluster scope
W0627 11:36:54.387096       1 reflector.go:324] /remote-source/app/main.go:64: failed to list *v1.Route: routes.route.openshift.io is forbidden: User "system:serviceaccount:openshift-ingress:default" cannot list resource "routes" in API group "route.openshift.io" at the cluster scope
E0627 11:36:54.387307       1 reflector.go:138] /remote-source/app/main.go:64: Failed to watch *v1.Route: failed to list *v1.Route: routes.route.openshift.io is forbidden: User "system:serviceaccount:openshift-ingress:default" cannot list resource "routes" in API group "route.openshift.io" at the cluster scope
W0627 11:36:54.657362       1 reflector.go:324] /remote-source/app/main.go:53: failed to list *v1.Service: services is forbidden: User "system:serviceaccount:openshift-ingress:default" cannot list resource "services" in API group "" at the cluster scope
E0627 11:36:54.657458       1 reflector.go:138] /remote-source/app/main.go:53: Failed to watch *v1.Service: failed to list *v1.Service: services is forbidden: User "system:serviceaccount:openshift-ingress:default" cannot list resource "services" in API group "" at the cluster scope
W0627 11:36:56.969915       1 reflector.go:324] /remote-source/app/main.go:53: failed to list *v1.Service: services is forbidden: User "system:serviceaccount:openshift-ingress:default" cannot list resource "services" in API group "" at the cluster scope

This was suppose to be tested during last week pre sign for the 4.13.3 bundles but those tests only included basic testing and not full e2e. Also this is only impacting windows and mac as on linux url are resolved with dnsmasq and wildcards.
@praveenkumar praveenkumar self-assigned this Jun 27, 2023
praveenkumar added a commit to praveenkumar/crc that referenced this issue Jun 27, 2023
@praveenkumar
Revert "Deploy router controller resource from bundle"
aa22fde 
This reverts commit 7cf9765. Looks like
in the bundle, route controller resource does not have the vaild service
account and because of that `/etc/hosts` file not updated as expected,
which become blocker issue for current 2.22.0 release. This PR revert it
and we will put it back after it is resolved on snc side.

- crc-org/snc#747
@praveenkumar praveenkumar mentioned this issue Jun 27, 2023
Merged
praveenkumar added a commit to crc-org/crc that referenced this issue Jun 27, 2023
@praveenkumar
Revert "Deploy router controller resource from bundle"
567ca08 
This reverts commit 7cf9765. Looks like
in the bundle, route controller resource does not have the vaild service
account and because of that `/etc/hosts` file not updated as expected,
which become blocker issue for current 2.22.0 release. This PR revert it
and we will put it back after it is resolved on snc side.

- crc-org/snc#747
praveenkumar added a commit to praveenkumar/snc that referenced this issue Jul 6, 2023
@praveenkumar
Rename route_controller.yaml.in to router-controller.yaml.in
e762db5 
- This is more consistent with the naming of the container image
- This allows to workaround a problem with bundle v4.13.3 which had an invalid route_controller.json file
    - crc-org#747
praveenkumar added a commit to praveenkumar/snc that referenced this issue Jul 6, 2023
@praveenkumar
Rename route_controller.yaml.in to routes-controller.yaml.in
3e912c3 
- This is more consistent with the naming of the container image
- This allows to workaround a problem with bundle v4.13.3 which had an invalid route_controller.json file
    - crc-org#747
praveenkumar added a commit that referenced this issue Jul 6, 2023
@praveenkumar
Rename route_controller.yaml.in to routes-controller.yaml.in
3edc3ce 
- This is more consistent with the naming of the container image
- This allows to workaround a problem with bundle v4.13.3 which had an invalid route_controller.json file
    - #747
openshift-cherrypick-robot pushed a commit to openshift-cherrypick-robot/snc that referenced this issue Jul 6, 2023
@praveenkumar
Rename route_controller.yaml.in to routes-controller.yaml.in
fb10d95 
- This is more consistent with the naming of the container image
- This allows to workaround a problem with bundle v4.13.3 which had an invalid route_controller.json file
    - crc-org#747
praveenkumar added a commit that referenced this issue Jul 7, 2023
@praveenkumar
Rename route_controller.yaml.in to routes-controller.yaml.in
4d67499 
- This is more consistent with the naming of the container image
- This allows to workaround a problem with bundle v4.13.3 which had an invalid route_controller.json file
    - #747
@praveenkumar
Copy link
Member

This is now fixed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@praveenkumar praveenkumar

Labels
None yet
Projects
Project planning: crc
Status: Done
Milestone
No milestone
Development

No branches or pull requests
2 participants
@praveenkumar @adrianriobo