Uploaded image for project: 'Red Hat Fuse'
  1. Red Hat Fuse
  2. ENTESB-15995

Permission issue with deploy/finalizers when installing as user

    XMLWordPrintable

Details

    • Bug
    • Status: Done
    • Major
    • Resolution: Done
    • fuse-7.9-GA
    • fuse-7.9-GA
    • Apicurito
    • None

    Description

      When installed by a namespace admin rather than a cluster-admin, the permissions of the operator service account become more crucial. In the log this error is displayed:

      {"level":"info","ts":1615887201.6337137,"logger":"cmd","msg":"failed to create or get service for metrics: services \"fuse-apicurito-metrics\" is forbidden: cannot set blockOwnerDeletion if an ownerReference refers to a resource you can't set finalizers on: , <nil>"}
      {"level":"info","ts":1615887201.6337326,"logger":"cmd","msg":"Could not create metrics Service","error":"failed to create or get service for metrics: services \"fuse-apicurito-metrics\" is forbidden: cannot set blockOwnerDeletion if an ownerReference refers to a resource you can't set finalizers on: , <nil>"}

      The reason being that the service-account lacks the deploy/finalizers update permission so is unable to create the metering service. However, this permission must be granted as part of a CLUSTER-ROLE rather than a mere ROLE.

      Attachments

        Issue Links

          Activity

            People

              parichar@redhat.com Paul Richardson
              parichar@redhat.com Paul Richardson
              Mario Majernik Mario Majernik
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: