-
Notifications
You must be signed in to change notification settings - Fork 87
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
v0.4.3 vault-secrets-operator crashes when deploying from a manually rendered Helm chart. #575
Comments
[athangal@marv2257 ~]$ oc logs vault-secrets-operator-controller-manager-7c6fb6cd5d-khtgr| grep ERROR |
HI @anilpally - it looks like something may have gone wrong during the installation. Can you provide more details on how you are installing VSO. Are you using Helm, Kustomize or OLM. Also, was this an upgrade or a fresh install? In case you are using Helm and this was an upgrade, please see https://developer.hashicorp.com/vault/docs/platform/k8s/vso/installation#updating-crds-when-using-helm |
hi @benashz we convert helm chart into templates, helm template -f vaules.yaml --include-crds --output-dir /tmp/vault-secrets-operator Argocd apply manifest under /tmp/vault-secrets-operator $ ls vault-secrets-operator/templates/ $ pwd |
@benashz can you let us know in which order we should apply, so i can annotate them in the order arogocd applies. |
any update? |
@anilpally, it looks you are using a non standard installation method by rendering the Helm chart to k8s manifests. In theory that might work, but it is not supported. We currently only support installing VSO from the Helm chart (using helm), the OLM package, or Kustomize. |
Describe the bug
v0.4.3 vault-secrets-operator crashes, also verbs are missing for hcpauth, hcpvaultsecretsapps clusterrole, i expect these to be created with deployment/ CRDs
To Reproduce
Steps to reproduce the behavior:
See error (vault-secrets-operator logs, application logs, etc.)
E0129 18:15:53.073016 1 reflector.go:147] pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:229: Failed to watch *v1beta1.HCPVaultSecretsApp: failed to list *v1beta1.HCPVaultSecretsApp: hcpvaultsecretsapps.secrets.hashicorp.com is forbidden: User "system:serviceaccount:vault-secrets-operator:vault-secrets-operator-controller-manager" cannot list resource "hcpvaultsecretsapps" in API group "secrets.hashicorp.com" at the cluster scope
W0129 18:16:00.727099 1 reflector.go:539] pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:229: failed to list *v1beta1.HCPVaultSecretsApp: hcpvaultsecretsapps.secrets.hashicorp.com is forbidden: User "system:serviceaccount:vault-secrets-operator:vault-secrets-operator-controller-manager" cannot list resource "hcpvaultsecretsapps" in API group "secrets.hashicorp.com" at the cluster scope
E0129 18:16:00.727258 1 reflector.go:147] pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:229: Failed to watch *v1beta1.HCPVaultSecretsApp: failed to list *v1beta1.HCPVaultSecretsApp: hcpvaultsecretsapps.secrets.hashicorp.com is forbidden: User "system:serviceaccount:vault-secrets-operator:vault-secrets-operator-controller-manager" cannot list resource "hcpvaultsecretsapps" in API group "secrets.hashicorp.com" at the cluster scope
W0129 18:16:04.331736 1 reflector.go:539] pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:229: failed to list *v1beta1.HCPAuth: hcpauths.secrets.hashicorp.com is forbidden: User "system:serviceaccount:vault-secrets-operator:vault-secrets-operator-controller-manager" cannot list resource "hcpauths" in API group "secrets.hashicorp.com" at the cluster scope
E0129 18:16:04.331906 1 reflector.go:147] pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:229: Failed to watch *v1beta1.HCPAuth: failed to list *v1beta1.HCPAuth: hcpauths.secrets.hashicorp.com is forbidden: User "system:serviceaccount:vault-secrets-operator:vault-secrets-operator-controller-manager" cannot list resource "hcpauths" in API group "secrets.hashicorp.com" at the cluster scope
Expected behavior
stable deployment not crashing often, with clusterrole updated for hcpauth/hcpvaultsecretsapps.
Environment
ocp 4.14
Additional context
Add any other context about the problem here.
The text was updated successfully, but these errors were encountered: