  1. Red Hat OpenShift Dev Spaces (formerly CodeReady Workspaces)
  2. CRW-5396

Dev Spaces failed to deploy because clusterroles.rbac.authorization.k8s.io "openshift-devspaces-cheworkspaces-namespaces-clusterrole" was forbidden


      Description of problem:

      Workaround

      Prerequisites (if any, like setup, operators/versions):

      Steps to Reproduce

      1. Download and unpack dsc 3.11 from quay.io/devspaces/dsc:3.11
      2. Log into OCP 4.14
      3. Deploy Dev Spaces:

      dsc server:deploy --che-operator-cr-patch-yaml=custom-resource-patch.yaml --package-manifest-name=devspaces --catalog-source-name=devspaces-operator-3-11-osbs-stable --olm-channel=stable --catalog-source-namespace=openshift-marketplace --listr-renderer=verbose 

      where custom-resource-patch.yaml has the following content:

      apiVersion: org.eclipse.che/v2
      spec:
        devEnvironments:
          maxNumberOfRunningWorkspacesPerUser: 10000
          storage:
            pvcStrategy: per-workspace
        components:
          cheServer:
            logLevel: DEBUG
      

      Update: Dev Spaces failed to deploy when installing the Dev Spaces operator from OperatorHub and then creating the CheCluster resource manually.

      Actual results:

      Dev Spaces failed to deploy:
      https://main-jenkins-csb-crwqe.apps.ocp-c1.prod.psi.redhat.com/job/Testing/job/e2e/job/basic/job/install-ds/3642/console

      [06:16:23] Downloading images...[OK] [title changed]
       [06:16:23] Downloading images...[OK] [completed]
       [06:16:23] Starting [started]
       [06:17:25] Starting [failed]
       [06:17:25] → Red Hat OpenShift Dev Spaces operator failed, reason: InstallOrUpdateFailed, message: Reconciler failed server.CheServerReconciler, cause: clusterroles.rbac.authorization.k8s.io "openshift-devspaces-cheworkspaces-namespaces-clusterrole" is forbidden: user "system:serviceaccount:openshift-operators:devspaces-operator" (groups=["system:serviceaccounts" "system:serviceaccounts:openshift-operators" "system:authenticated"]) is attempting to grant RBAC permissions not currently held:
       {APIGroups:["user.openshift.io"], Resources:["groups"], Verbs:["get"]}. Consider increasing error recheck timeout with --k8spoderrorrechecktimeout flag.
       [06:17:25] Gateway pod bootstrap [failed]
       [06:17:25] → Red Hat OpenShift Dev Spaces operator failed, reason: InstallOrUpdateFailed, message: Reconciler failed server.CheServerReconciler, cause: clusterroles.rbac.authorization.k8s.io "openshift-devspaces-cheworkspaces-namespaces-clusterrole" is forbidden: user "system:serviceaccount:openshift-operators:devspaces-operator" (groups=["system:serviceaccounts" "system:serviceaccounts:openshift-operators" "system:authenticated"]) is attempting to grant RBAC permissions not currently held:
       {APIGroups:["user.openshift.io"], Resources:["groups"], Verbs:["get"]}. Consider increasing error recheck timeout with --k8spoderrorrechecktimeout flag.
       [06:17:25] Wait for Red Hat OpenShift Dev Spaces ready [failed]
       [06:17:25] → Red Hat OpenShift Dev Spaces operator failed, reason: InstallOrUpdateFailed, message: Reconciler failed server.CheServerReconciler, cause: clusterroles.rbac.authorization.k8s.io "openshift-devspaces-cheworkspaces-namespaces-clusterrole" is forbidden: user "system:serviceaccount:openshift-operators:devspaces-operator" (groups=["system:serviceaccounts" "system:serviceaccounts:openshift-operators" "system:authenticated"]) is attempting to grant RBAC permissions not currently held:
       {APIGroups:["user.openshift.io"], Resources:["groups"], Verbs:["get"]}. Consider increasing error recheck timeout with --k8spoderrorrechecktimeout flag.
       Error: Command server:deploy failed with the error: Red Hat OpenShift Dev Spaces operator failed, reason: InstallOrUpdateFailed, message: Reconciler failed server.CheServerReconciler, cause: clusterroles.rbac.authorization.k8s.io "openshift-devspaces-cheworkspaces-namespaces-clusterrole" is forbidden: user "system:serviceaccount:openshift-operators:devspaces-operator" (groups=["system:serviceaccounts" "system:serviceaccounts:openshift-operators" "system:authenticated"]) is attempting to grant RBAC permissions not currently held:
       {APIGroups:["user.openshift.io"], Resources:["groups"], Verbs:["get"]}. Consider increasing error recheck timeout with --k8spoderrorrechecktimeout flag. See details: /home/hudson/.cache/dsc/error.log. Red Hat OpenShift Dev Spaces logs: /tmp/dsc-logs/1702293075198.
           at newError (/mnt/hudson_workspace/workspace/Testing/e2e/basic/install-ds/dsc/lib/utils/utls.js:39:19)
           at wrapCommandError (/mnt/hudson_workspace/workspace/Testing/e2e/basic/install-ds/dsc/lib/utils/command-utils.js:53:32)
           at Deploy.<anonymous> (/mnt/hudson_workspace/workspace/Testing/e2e/basic/install-ds/dsc/lib/commands/server/deploy.js:82:65)
           at Generator.throw (<anonymous>)
           at rejected (/mnt/hudson_workspace/workspace/Testing/e2e/basic/install-ds/dsc/node_modules/tslib/tslib.js:165:69)
           at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
       Cause: Error: Red Hat OpenShift Dev Spaces operator failed, reason: InstallOrUpdateFailed, message: Reconciler failed server.CheServerReconciler, cause: clusterroles.rbac.authorization.k8s.io "openshift-devspaces-cheworkspaces-namespaces-clusterrole" is forbidden: user "system:serviceaccount:openshift-operators:devspaces-operator" (groups=["system:serviceaccounts" "system:serviceaccounts:openshift-operators" "system:authenticated"]) is attempting to grant RBAC permissions not currently held:
       {APIGroups:["user.openshift.io"], Resources:["groups"], Verbs:["get"]}. Consider increasing error recheck timeout with --k8spoderrorrechecktimeout flag.
           at /mnt/hudson_workspace/workspace/Testing/e2e/basic/install-ds/dsc/lib/tasks/pod-tasks.js:190:39
           at Generator.next (<anonymous>)
           at fulfilled (/mnt/hudson_workspace/workspace/Testing/e2e/basic/install-ds/dsc/node_modules/tslib/tslib.js:164:62)
           at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
      

      The following error messages were in the dashboard pod logs:

      [logger] logLevel: ERROR
      (node:8) [DEP0005] DeprecationWarning: Buffer() is deprecated due to security and usability issues. Please use the Buffer.alloc(), Buffer.allocUnsafe(), or Buffer.from() methods instead.
      (Use `node --trace-deprecation ...` to show where the warning was created)
      [logger] logLevel: ERROR
      [logger] logLevel: ERROR
      

      Expected results:

      Dev Spaces has been deployed successfully.

      Reproducibility (Always/Intermittent/Only Once):

      Always

      Acceptance criteria: 

       
      Definition of Done:

      Build Details:

      index_image=

      • registry-proxy.engineering.redhat.com/rh-osbs/devspaces-operator-bundle:3.11-149
      • registry-proxy.engineering.redhat.com/rh-osbs/iib:635572

      Additional info (Such as Logs, Screenshots, etc):

      dsc_error.log
      devspaces-operator.log
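
The "attempting to grant RBAC permissions not currently held" error in the deploy log above is the Kubernetes RBAC escalation check: an account may create a ClusterRole only if it already holds every permission in it (or has the `escalate` verb). The following is an added example, not part of the original report or of the dsc/operator code: it parses that message and builds the matching `oc auth can-i` checks. The function names are hypothetical and the sample string is constructed from the log text above.

```python
import re

# Constructed sample: the error text from the deploy log above, as one string.
SAMPLE = (
    'cause: clusterroles.rbac.authorization.k8s.io '
    '"openshift-devspaces-cheworkspaces-namespaces-clusterrole" is forbidden: '
    'user "system:serviceaccount:openshift-operators:devspaces-operator" '
    '(groups=["system:serviceaccounts" "system:serviceaccounts:openshift-operators" '
    '"system:authenticated"]) is attempting to grant RBAC permissions not currently '
    'held:\n{APIGroups:["user.openshift.io"], Resources:["groups"], Verbs:["get"]}. '
    'Consider increasing error recheck timeout with --k8spoderrorrechecktimeout flag.'
)

HEAD = re.compile(
    r'(?P<kind>[\w.]+) "(?P<name>[^"]+)" is forbidden: user "(?P<user>[^"]+)".*?'
    r'is attempting to grant RBAC permissions not currently held:', re.S)
RULE = re.compile(r'\{([^{}]*)\}')          # one PolicyRule as printed by the API server
FIELD = re.compile(r'(\w+):\[([^\]]*)\]')   # e.g. Verbs:["get" "list"]

def parse_escalation_error(message):
    """Return the denied object, the acting user and the rules it lacks, or None."""
    head = HEAD.search(message)
    if head is None:
        return None
    rules = []
    for block in RULE.findall(message[head.end():]):
        rule = {k: re.findall(r'"([^"]*)"', v) for k, v in FIELD.findall(block)}
        if rule.get("Verbs"):
            rules.append(rule)
    return {"kind": head["kind"], "name": head["name"],
            "user": head["user"], "rules": rules}

def can_i_commands(parsed):
    """Build one `oc auth can-i` impersonation check per missing verb/resource pair."""
    cmds = []
    for rule in parsed["rules"]:
        targets = list(rule.get("NonResourceURLs", []))
        for group in rule.get("APIGroups", []):
            # The core API group is printed as "" and takes no suffix.
            targets += [f"{r}.{group}" if group else r for r in rule.get("Resources", [])]
        for target in targets:
            cmds += [f"oc auth can-i {v} {target} --as={parsed['user']}"
                     for v in rule["Verbs"]]
    return cmds

if __name__ == "__main__":
    print("\n".join(can_i_commands(parse_escalation_error(SAMPLE))))
```

Run the printed command with an account allowed to impersonate; an answer of `no` confirms the operator service account lacks the permission named in the error.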
       

            abazko Anatolii Bazko
            dnochevn Dmytro Nochevnov