-
Bug
-
Resolution: Done
-
Major
-
3.4.0.GA
-
False
-
None
-
False
-
Workaround Exists
-
-
-
Description of problem:
It was not possible to remove workspace with container build capability created in DS 3.3.0 and failed to remove, after an upgrade to DS 3.4.0
Prerequisites (if any, like setup, operators/versions):
Steps to Reproduce
- Deploy DS 3.4.0 + DWO 0.18.1 with "disableContainerBuildCapabilities: false".
- Create any workspace, start it.
- Set "disableContainerBuildCapabilities: true".
- Stop and delete test workspace.
- Observe workspace stuck on removal.
Actual results:
Workspace continue shown as being removed:
There is an error in devworkspace controller manager logs:
{"level":"info","ts":1675948467.883421,"logger":"controllers.DevWorkspace","msg":"Finalizing DevWorkspace","Request.Namespace":"admin-devspaces","Request.Name":"python-hello-world","devworkspace_id":"workspaceea9c22a594de41b7"}
{"level":"error","ts":1675948467.9166625,"logger":"controllers.DevWorkspace","msg":"Failed to finalize workspace RBAC","Request.Namespace":"admin-devspaces","Request.Name":"python-hello-world","devworkspace_id":"workspaceea9c22a594de41b7","error":"rolebindings.rbac.authorization.k8s.io \"devworkspace-use-container-build\" is forbidden: user \"system:serviceaccount:openshift-operators:devworkspace-controller-serviceaccount\" (groups=[\"system:serviceaccounts\" \"system:serviceaccounts:openshift-operators\" \"system:authenticated\"]) is attempting to grant RBAC permissions not currently held:\n{APIGroups:[\"security.openshift.io\"], Resources:[\"securitycontextconstraints\"], ResourceNames:[\"container-build\"], Verbs:[\"use\"]}","stacktrace":"github.com/devfile/devworkspace-operator/controllers/workspace.(*DevWorkspaceReconciler).finalize\n\t/remote-source/app/controllers/workspace/finalize.go:75\ngithub.com/devfile/devworkspace-operator/controllers/workspace.(*DevWorkspaceReconciler).Reconcile\n\t/remote-s...
devworkspace-controller-manager-5bbd7c4c55-r9tpq-devworkspace-controller.log
Expected results:
Workspace is removed.
Reproducibility (Always/Intermittent/Only Once):
Always
Build Details:
Additional info (Such as Logs, Screenshots, etc):
- is related to
-
-
- Closed
-