Bug
Resolution: Not a Bug
Description of the problem:
When trying to deploy the optimizer app, the pod got stuck in clbo due to:
2025-06-11 15:40:08,645 [main] INFO o.Optimizer - Reading configuration from ConfigMap
WARNING: sun.reflect.Reflection.getCallerClass is not supported. This will impact performance.
2025-06-11 15:40:09,515 [main] ERROR o.Optimizer - Code: 403. Body: {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"configmaps \"app-config\" is forbidden: User \"system:serviceaccount:optimizer:default\" cannot get resource \"configmaps\" in API group \"\" in the namespace \"optimizer\"","reason":"Forbidden","details":{"name":"app-config","kind":"configmaps"},"code":403}
Exception in thread "main" io.kubernetes.client.openapi.ApiException:
    at io.kubernetes.client.openapi.ApiClient.handleResponse(ApiClient.java:973)
    at io.kubernetes.client.openapi.ApiClient.execute(ApiClient.java:885)
    at io.kubernetes.client.openapi.apis.CoreV1Api.readNamespacedConfigMapWithHttpInfo(CoreV1Api.java:49938)
    at io.kubernetes.client.openapi.apis.CoreV1Api.readNamespacedConfigMap(CoreV1Api.java:49913)
    at optimizer.ConfigReader.get(ConfigReader.java:26)
    at optimizer.Optimizer.main(Optimizer.java:14)
I was able to get the pod running by creating a role that allows the sa to talk to the cm:
oc create role configmap-reader --verb=get --resource=configmaps --namespace=optimizer
oc create rolebinding configmap-reader-binding --role=configmap-reader --serviceaccount=optimizer:default --namespace=optimizer
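
Added example (not part of the original report or the project's code): the 403 Status body in the log names the service account, verb, resource and namespace that were denied, so a matching Role and RoleBinding can be derived from it. The helper names parse_forbidden and rbac_for are hypothetical, and the resourceNames restriction to app-config is an assumption that is narrower than the oc create role command above.

```python
import json
import re

# Status body copied from the 403 in the log above.
STATUS_BODY = r'''{"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"configmaps \"app-config\" is forbidden: User \"system:serviceaccount:optimizer:default\" cannot get resource \"configmaps\" in API group \"\" in the namespace \"optimizer\"","reason":"Forbidden","details":{"name":"app-config","kind":"configmaps"},"code":403}'''

DENIAL = re.compile(
    r'User "system:serviceaccount:(?P<sa_ns>[^:"]+):(?P<sa>[^"]+)" cannot '
    r'(?P<verb>\w+) resource "(?P<resource>[^"]+)" in API group '
    r'"(?P<group>[^"]*)" in the namespace "(?P<ns>[^"]+)"')

def parse_forbidden(body):
    """Extract who was denied what from a Kubernetes 403 Status object."""
    status = json.loads(body)
    if status.get("kind") != "Status" or status.get("reason") != "Forbidden":
        raise ValueError("not a Forbidden Status object")
    m = DENIAL.search(status.get("message", ""))
    if m is None:
        raise ValueError("not a namespaced service-account denial")
    denial = m.groupdict()
    # details.name is the single object requested; it may be missing.
    denial["name"] = (status.get("details") or {}).get("name")
    return denial

def rbac_for(denial, role="configmap-reader"):
    """Build a Role/RoleBinding pair that grants only the denied request."""
    rule = {"apiGroups": [denial["group"]], "resources": [denial["resource"]],
            "verbs": [denial["verb"]]}
    if denial["name"]:
        # Assumption: scope to the one object; narrower than the oc command.
        rule["resourceNames"] = [denial["name"]]
    meta = {"namespace": denial["ns"]}
    return (
        {"apiVersion": "rbac.authorization.k8s.io/v1", "kind": "Role",
         "metadata": {"name": role, **meta}, "rules": [rule]},
        {"apiVersion": "rbac.authorization.k8s.io/v1", "kind": "RoleBinding",
         "metadata": {"name": role + "-binding", **meta},
         "roleRef": {"apiGroup": "rbac.authorization.k8s.io", "kind": "Role",
                     "name": role},
         "subjects": [{"kind": "ServiceAccount", "name": denial["sa"],
                       "namespace": denial["sa_ns"]}]},
    )

if __name__ == "__main__":
    for manifest in rbac_for(parse_forbidden(STATUS_BODY)):
        print(json.dumps(manifest, indent=2))
```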
- is duplicated by: FLPATH-2400 [ro] Optimizer app requires role to allow pod to read cm (Closed)
- relates to: FLPATH-2183 QE task to verify RO plugin (Closed)